Resubmissions
07-04-2024 23:06  240407-23wgrshd72  7
07-04-2024 22:33  240407-2gjwvage2w  7
07-04-2024 22:21  240407-193nzsgd62  3
Analysis
max time kernel: 357s
max time network: 364s
platform: windows10-2004_x64
resource: win10v2004-20240319-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-04-2024 22:21
Static task: static1
Behavioral task: behavioral1
Sample: Judosa_Point.rar
Resource: win10v2004-20240319-en
General
Target: Judosa_Point.rar
Size: 73.5MB
MD5: def5592d03bc4b81ec15d3781b7f3116
SHA1: 911424ea344c6d8882c096fb5d805850d541b570
SHA256: 4ef44954ca1192d62c7305a7ba83986a3c98744a112ae7b4ea5a1afe635f5887
SHA512: 842f2a7ce881313609ee7dc542a4ebee2a18fba51367f426270281ec6e25bf92519a9b579460822e9495389d6a889ab653acb839cb5a7a4f9c36c7d29a3f72ad
SSDEEP: 1572864:Nq/R0P0czoCx3D0frZCsmHaOl2/IzA7kfzIp8sQk/JwjkIq7xx:YLczoS3oZCRfW/7kLIp8g/yjLq7xx
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (chrome.exe)
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (chrome.exe)
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  (chrome.exe)
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570025288179573"  (chrome.exe)

Modifies registry class (4 IoCs)
Processes: cmd.exe, OpenWith.exe, chrome.exe, OpenWith.exe
Key created  \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings  (cmd.exe)
Key created  \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings  (OpenWith.exe)
Key created  \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings  (chrome.exe)
Key created  \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings  (OpenWith.exe)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: chrome.exe, chrome.exe
pid 5116 chrome.exe (4 entries), pid 2252 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes: chrome.exe
pid 5116 chrome.exe (8 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating, 64 entries in total, all from pid 5116 chrome.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
Processes: chrome.exe
pid 5116 chrome.exe (64 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
pid 5116 chrome.exe (24 entries)

Suspicious use of SetWindowsHookEx (22 IoCs)
Processes: OpenWith.exe, OpenWith.exe
pid 4836 OpenWith.exe (1 entry), pid 1168 OpenWith.exe (21 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
PID 5116 chrome.exe wrote to memory of target pid 2888 chrome.exe (2 entries)
PID 5116 chrome.exe wrote to memory of target pid 1036 chrome.exe (repeated entries)
PID 5116 chrome.exe wrote to memory of target pid 4916 chrome.exe (2 entries)
PID 5116 chrome.exe wrote to memory of target pid 4036 chrome.exe (repeated entries)
Processes
(indentation shows the process tree; depth-2 entries are children of the depth-1 entry above them)

C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\Judosa_Point.rar
  PID: 4348
  - Modifies registry class

C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4836
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=2260,i,3739451884007376837,4900555371550671478,262144 --variations-seed-version /prefetch:8
  PID: 2976

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 5116
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffb03119758,0x7ffb03119768,0x7ffb03119778
      PID: 2888

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:2
      PID: 1036

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 4916

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 4036

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 3124

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 4348

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 2956

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 3700

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 1720

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 3120

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 3076

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 2240

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 664

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 960

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2228 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 3952

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 3768

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5736 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 5068

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6036 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 2580

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2956 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 4344

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 3272

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3024 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:1
      PID: 3488

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 4828

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:2
      PID: 2252
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 5064

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=1748,i,18146754477153557375,12288815390276163392,131072 /prefetch:8
      PID: 2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1436

C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  PID: 1168
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 198KB
MD5: 319e0c36436ee0bf24476acbcc83565c
SHA1: fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256: f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512: ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Filesize: 672B
MD5: 69d59b96bb5560e031e4685f24022d0a
SHA1: 3981488b84da06f284901e08f9c852daea5742d3
SHA256: 01bc87cf448f2e877dfcb1cf90d03340f026c82cd75ac86d10bf97806ee97196
SHA512: 37741cbe01f847f5089e53814ce3ce0fcb2bcf96316c8a63ec9f3266dddafe9b6350db9e35fefb6803346b4a4374a8c36affc0008662dd6f73f0b4acde762ca5

Filesize: 3KB
MD5: 030bfdb19fa48bd53f55db3a9cf23126
SHA1: 232b628ef6ee9a3fbbe6be30c77c8a0426fd4836
SHA256: a1b03f907de46983d086bf33c432fb8855a889a0778f020a411aa863d432df26
SHA512: 0e3f841c9298a39d8407ed8965bded082b17eae68115b0eb3f49966feff4f6cf9f0b5ed8c33ef48d630b33ef33af5013a35c59ed05a52d8b3af95789ef1df6cf

Filesize: 4KB
MD5: 503e2012b8d3f11cdfc0fd62331898a9
SHA1: 4c779465009b3802642003ac93a0918d5b77ea3b
SHA256: 5864de8ea3a3e9cfa4eb776e62f7bfd256935743949cf550b98b940f13e5021c
SHA512: 1cf3cb60693c1af23d0a05edd01701c3248a404229700fbf0609d59b534795c5b1ac497c0b84f68130ebdff3d649d04184d08425e8e15d9f6e61ccba4366da22

Filesize: 371B
MD5: 8d9a93ad9e888f6cbbb6cd7d61f17ea7
SHA1: b744196f0268cd55c435f7c302ca6c61a6bbc0db
SHA256: c8712e7a5a5810333a23b57b2975a3ed0c7e54f9728e44e2e82368dd28d2856d
SHA512: 6945e6c9e81ef7c9b138e328bc97f7054d421f77fdb2f276f16488e5c5243299c713209a561312f3027c862437002d860d45224df8c51905854af26b90ce991c

Filesize: 705B
MD5: a547a780d4febca57d56241863c214be
SHA1: 55ac9856cd6e6fa45be064ea76786cd33d393b1c
SHA256: 41040dabe5fb839e688f2536288aa90a5496baffca07a395b1ca840606c626e6
SHA512: 69bd96340dcfff1aeb4a47a2fd861eab629d2c331960e15963fe5276fd0c30d0bd753f629c0ca4d91fb4543c08836c181a017af6f65c7b536b7baa288241e378

Filesize: 6KB
MD5: 147af2718576ead394697ebc8258d99d
SHA1: 18cc111c63d75ea87939101d824eec60df6a60d4
SHA256: badf265c78fb2b3764f82a1cee456b2f9182af91cdf8012e02356d029859387e
SHA512: 30c9dc11124c3494088b2b9159ec7a9ccf7a73effa621a3d3ff2f41f8d5b8abd3c28c46c42da884c19c74b16bb21e7796118e10a149f215a98c9b30c05036b04

Filesize: 6KB
MD5: 0a7b50e1daa39c6cc8fe72470ad34cfe
SHA1: 07e9cd79cff98ba96a2014d822c3b4a29ac32c30
SHA256: 985cf22c5968406098721b8ee17affb8573abf1eaeb583537a9ddf7bd189fd63
SHA512: 672d5b98654c42d4c42377636929e22e64d96519334a28a063c03de87d0e432217db4404e505feffaa1a9d2460fb3f5e3cb8998090e9acc03b7c7e84f91a2a1e

Filesize: 7KB
MD5: 7bfa6a51a7e6b38458f1230d43b89ad4
SHA1: 84ead966bdd1048b60b41a8afff7572cfd34afac
SHA256: 2ac3faa387decb4e51748d1e408c1fe42c7969f90b8d6cad77774c153edaa1d0
SHA512: fb4979085080d819db06b3ce79bbe468496b80bb4dd5d4dcdc0a3ac96bc21dcbf78ac065082e31acd3a2d01c045f8108e0c49128c0176e37a86fdfbe34423539

Filesize: 6KB
MD5: 6b19fd7b67e37a64203686cd0b49a09b
SHA1: bbfe2a3eb9d1c94ba17bc8e35200bee230bd3912
SHA256: 03c76b1714421a92acac61d1a88e13d66df2e1c24c1c12f20cdd720f5ef4a738
SHA512: 4110c85107c93f161bad450f1662a7f25c5ba423054431d8c14434c4db174004f842a7220009b1f8bc687857b4ed8f2c50ca2563ddb2d95f3ef99bed157622f7

Filesize: 6KB
MD5: 7f69e556536951ea00a502d900fcea76
SHA1: 187ea001e3e6f75fe55032bd9f839591c83b1e34
SHA256: c0ffc347cd6645fa3b4e38d947cfd5ce2445896780dccaee3233fa8d863c2fd7
SHA512: c3d7a20f3fc8e5e5440b21dcc69e60a7f7d32cd1c3a405b2471f9f75171cd592d6bab1a4f338a3cfa05a369abab9701cf9ac23d8db3e3cfd5cee037b214be06e

Filesize: 6KB
MD5: 7b789b99a4acff5340ff2c0e028e63e0
SHA1: 5580e0237014a854561b976a44d664c356a06a03
SHA256: 0a61356d2fc4a216cc50121640a9a4327419ebd71b78e30ef7d81772a126c03a
SHA512: d2a0cf8ff9307cbe8caceb1f0ad5770df143cd3d02062a57cbf06e580a10619cd2e59b3b23997e9f428eaa70e11495a0d432ceff41e562586f593a3fc4eef9ea

Filesize: 15KB
MD5: 604c9494b66acfd3686a416aebf46dd7
SHA1: 840bae4663ae460f93335a3ce88090ddcf682f10
SHA256: 77c28b1d326d100213553c12e3a31f26a9c04aeff3ef8301f8a69a9d269e9e34
SHA512: 473f60a73fd1ad769709d6eafd02536534bf66a263d03bba354b481ac759de23c8057d66b1d636c7a59edd4571a5c0ba2bb58a2c99a0e55dd790dd483ef5c4db

Filesize: 287KB
MD5: 28cb5fe40d29c3f1df3d089a694945a7
SHA1: d265a4f05feec37b74914a95f8bb3e78677342f7
SHA256: 8bc803b69933b60194f702c3ea23d336e02f8951e59149a5eba4f913c122c228
SHA512: c4ad642603320aa5c6d76faa64a07766c9d5472eed2d662f65fb5452968a89ff420ef0ca9e400dc968e7a05d77926e12a1353fbd8fce1f8c018f5e5149afdc34

Filesize: 268KB
MD5: 8d829344d6329c26fbd9100845a2cd39
SHA1: 30c6f7545bf5370495bcbcefa9d706dcc040372d
SHA256: 8abc922ffec13cce45e48d99ef62fba3fdeb90fd9d96672875e8e35bdda27863
SHA512: 925bf12f39d743d95979b1dfb95cb44ac577338ac22e81faeaa330b20857a64a6d0719306219f47fdea0d5d96468c03a703d829aaf4dfcd47547da8fa61310eb

Filesize: 136KB
MD5: 78bc639594f73538c090d9f6f483eace
SHA1: 831597195a4b514373b0349c218d2c00f1743ddf
SHA256: 1fb9572f20ecd093c6b18ac0628c61ecbd673575cdaf704ceced26c6db8bbb82
SHA512: d275fb49ec342c18bfd0cf3e00f93fda65bb6f304f6d22864bc2cab6ec46fb5dc771064cc6520bb8ac268d761349072791faf280ad09a35da85445af10098148

Filesize: 268KB
MD5: 22f8d46222791b341606402bd56f0531
SHA1: 95914e8a062c8cd71fd7b2f7460049c3d0e86e7b
SHA256: 13dbb9d6758b14667706a812c19775ec47276fe024115ce69568f35fcbb5a414
SHA512: 3ce1ee259f5a5a9b37025af28b184d134a3584dd51035044afd0f5c56a8233e4f56ec5de7dbe280f4183606c6bf33fde9812e409def30e90b79255320a88c595

Filesize: 268KB
MD5: a276304e82a59002c9da8b4958865a61
SHA1: a6c350bb76336699359a5bf784f6112807dd207f
SHA256: 4c9e5fe7f41bd32b1553a050256d491d61081b5193957ba42cfa02c6f3a6299d
SHA512: 517485cc3621a3716350c26a9616586b8a6b13a9949aa492cb29ba97f2ddf80dd156c4a7918c7a74d1aba5ad05f36efc5bbfef591c5f1a6218b032d5c96abdac

Filesize: 289KB
MD5: 4e0c1ad0829a8f6247136bc75dea291e
SHA1: 2bbf6ca5bd6aec26cb552a6fbafd51d36a8c0ef3
SHA256: 8ee23acda2dd4c97bf582194646c786022627ea782dc0a21134e2335f9338c09
SHA512: 507a6aa40c644115449cff5d430d590d62606dba1ecad00dbd7e73d94d739933a39e38d8d735ea94327c3055109782dd120adfc2fd72dfb5047fa65517300c8b

Filesize: 267KB
MD5: 6b3ebc9a5e4c419f5cd333dfb9c6f7f8
SHA1: 5be8d54584ab9073efdc7de806e503740259dd3a
SHA256: cd20cdd3c5d2511d2adde742845d03fa9b7be43a982ddce1420f5e4db6782634
SHA512: d0d6969c507bdf42627d928e2962ce28f098819f98d495f57b651a11d823a972f4a9e4f5d210cb4b43f84fd67fbbe3d5dd55b1c04bf31396f2b08b2ef4af5a16

Filesize: 101KB
MD5: acd0749e8689e27a6f0cbc6fe463c8cd
SHA1: a11ecc1a8a7a6d9a2eb956d0ff4bbb1cfce26136
SHA256: e1638f7f8d6271f17c324ea9035258422aa7b6c145b4fbc5c506742fbcff5086
SHA512: d2265b21a7c67992cc3b916155829826dbda34942aa09048b3961ed4ea1500a996033e703e7283cbf6e91ed3db4224d5ddeb0266101c2f9564a7900b4f63433a

Filesize: 106KB
MD5: 42b221ca742a3a5a87a040ff0eb65fcd
SHA1: bdaa3eb82f578a1a37584dfa156b9db007559b28
SHA256: 21a6ba139032ce45ebefe8071aa939a29a38915e80ee1ba8b696f4a92ca6a952
SHA512: 292c2fb7b8ff40182e0c6b0ab8f47995d6aaa92931e56c95dda57f04db060f660b36ca2e4d9a364fe7fe6ebae4fb4f8e3c623bab146eb35fccdda672cd205512

Filesize: 112KB
MD5: 1dcf1c59ec9052bd8b885a1838d26800
SHA1: 4c7876573101eb7a6fc790bf0acaf33896754929
SHA256: 2279fd9837120aa616d4bfae9fd1593b17fd24a6e87879799ee3b7d35c00a767
SHA512: b6937231671c507f7d1ad207f0ca9290acfc6b835ce742f00ef252be3a55b7a197b8da5ddf3d402333d7c4a63e917c85b197c453914661f349ff7b175fa09437

Filesize: 98KB
MD5: 1949333137ca9cb1a20ba64d0057a925
SHA1: b67d4a225991ec5184fa2535b92a14460be5d420
SHA256: 130481c1e053877705693129a640c9b4ce97499e05c4625e22162ab484fa2016
SHA512: 1762c33e79fdcd48cb37f05ddc9412ff9ab4d0eb4a5d150465fea717ef730259244f893cda62205832705e9e28446b728105869ba772d996f1293dd410cba792

Filesize: 264KB
MD5: ce0f881f3915ec09315fcbd92928bd2b
SHA1: 981d8b3356f0f57c5623ddf295b4705eeda194c9
SHA256: 8ece70dd2c8f9131bec143cf27ece5eb861428d2b5d69b1b33b2fdb4e252b3ca
SHA512: 6ba8d9a803a559e22a06b901c35fd8a9993e6ad3e7a1b17576652c3f5eaf9b0f9bf405edf1a4323671095d4698b0ae8626ecb3f0b3ff2e12cd8d3b3ab3a04754

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd