Analysis

max time kernel: 71s
max time network: 72s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-06-2024 14:17

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/file/ui4w0uvie14xvbh/Windows+Fuck.exe/file
Resource: win10v2004-20240508-en

Errors

General

Target: https://www.mediafire.com/file/ui4w0uvie14xvbh/Windows+Fuck.exe/file
Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE (2 IoCs)
  PID   Process
  5688  Windows Fuck.exe
  5916  Windows Fuck.exe
Loads dropped DLL (10 IoCs)
  PID   Process
  5916  Windows Fuck.exe  (10 DLL loads, all by this PID)
Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
  Description                   IoC                 Process
  File opened for modification  \??\PhysicalDrive0  Windows Fuck.exe

A handle on \??\PhysicalDrive0 opened for modification is a raw write handle on the whole disk, so sector 0 (the MBR) can be overwritten without going through the file system or any file ACL. The process tree below shows the same process (PID 5916) spawning cmd.exe /c shutdown /r -t 0 right afterwards, so the machine is rebooted onto whatever was written. The report does not capture the written bytes, so it cannot be decided from this page whether the result is a bootkit (a replacement boot sector that still chains into Windows) or a plain wipe (the host no longer boots); the forced reboot makes either take effect immediately.
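What a write handle on \??\PhysicalDrive0 can reach, as an added example that is not part of the Triage report: a parser for the 512-byte MBR held in sector 0, plus a check that flags what a destructive write usually leaves behind (missing 0x55AA signature, zeroed bootstrap code, empty partition table) and, for the bootkit case, a bootstrap that no longer matches a known-good hash taken from the same disk. The MBR images are constructed for the demo; the function names, the baseline-hash approach and the read_physical_drive_mbr helper (which needs administrator rights on a real host and is not called here) are assumptions of this example, not the sample's or the sandbox's code.

```python
import hashlib
import struct

MBR_SIZE = 512
PT_OFFSET = 446                  # bootstrap code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(data: bytes) -> dict:
    """Split a 512-byte sector into bootstrap hash, partition table and sanity flags."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    bootstrap = data[:PT_OFFSET]
    partitions = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue                               # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "bootstrap_all_zero": not any(bootstrap),
        "partitions": partitions,
    }


def mbr_damage(data: bytes, baseline_bootstrap_sha256: str = "") -> list:
    """Reasons the sector looks overwritten; an empty list means it looks intact.
    The baseline hash (recorded while the disk was known good) is what catches a
    bootkit-style replacement that keeps the signature and the partition table."""
    info = parse_mbr(data)
    reasons = []
    if not info["signature_ok"]:
        reasons.append("boot signature 0x55AA missing")
    if info["bootstrap_all_zero"]:
        reasons.append("bootstrap code is all zeros")
    if not info["partitions"]:
        reasons.append("partition table is empty")
    if baseline_bootstrap_sha256 and info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        reasons.append("bootstrap code differs from baseline")
    return reasons


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: short jump plus NOP filler as stand-in boot code,
    one bootable NTFS (0x07) partition starting at LBA 2048, valid signature."""
    bootstrap = b"\xeb\x63\x90" + b"\x90" * (PT_OFFSET - 3)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return bootstrap + entry + b"\x00" * 48 + BOOT_SIGNATURE


def read_physical_drive_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk on Windows (requires administrator). Not run in the demo."""
    with open(path, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["bootstrap_sha256"]
    zeroed = b"\x00" * MBR_SIZE                                                      # plain wipe of sector 0
    replaced = b"\xb8\x13\x00\xcd\x10".ljust(PT_OFFSET, b"\x00") + good[PT_OFFSET:]  # new boot code, table kept
    for name, sector in (("healthy", good), ("zeroed", zeroed), ("replaced", replaced)):
        print(f"{name:9s} {mbr_damage(sector, baseline)}")
```

The "replaced" case is the one the signature text describes: signature and partition table intact, so only the baseline comparison notices; a wipe trips all three structural checks with no baseline needed.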
Detects Pyinstaller (1 IoC)
  Resource                                   YARA rule
  C:\Users\Admin\Downloads\Windows Fuck.exe  pyinstaller
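How the "pyinstaller" YARA hit above can be confirmed by hand, as an added example rather than the sandbox's rule: PyInstaller's one-file bootloader appends a CArchive to the executable, and the archive's trailing cookie starts with the 8-byte magic MEI\x0c\x0b\x0a\x0b\x0e and records the Python version and DLL name, which is what most PyInstaller rules and unpackers key on. The cookie layout used here is the PyInstaller 2.1+ one (big-endian: magic, package length, TOC offset, TOC length, Python version, 64-byte DLL name); the sample blob is constructed, and build_sample_package and find_pyinstaller_cookie are names chosen for this example.

```python
import struct

PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FORMAT = "!8sIIii64s"                   # PyInstaller >= 2.1 cookie, network byte order
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)   # 88 bytes


def find_pyinstaller_cookie(data: bytes):
    """Return the parsed cookie, or None if the blob carries no PyInstaller archive."""
    pos = data.rfind(PYINSTALLER_MAGIC)        # cookie sits at the end of the overlay, so search backwards
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FORMAT, data[pos:pos + COOKIE_SIZE])
    # pyver is e.g. 311 for 3.11 but 39 for 3.9 (two-digit form before 3.10)
    major, minor = (pyver // 100, pyver % 100) if pyver >= 100 else (pyver // 10, pyver % 10)
    return {
        "cookie_offset": pos,
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": (major, minor),
        "python_dll": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_sample_package(pyver: int = 311, pylib: bytes = b"python311.dll") -> bytes:
    """Constructed stand-in for a PyInstaller one-file EXE: a fake PE stub,
    opaque payload bytes, then the trailing cookie."""
    fake_pe = b"MZ" + b"\x00" * 62
    payload = b"\xaa" * 200                    # stands in for the compressed scripts and DLLs
    toc_off = len(payload) - 40                # pretend the TOC is the last 40 payload bytes
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC,
                         len(payload) + COOKIE_SIZE, toc_off, 40, pyver, pylib)
    return fake_pe + payload + cookie


def scan_file(path: str):
    """Apply the check to a file on disk."""
    with open(path, "rb") as f:
        return find_pyinstaller_cookie(f.read())


if __name__ == "__main__":
    print(find_pyinstaller_cookie(build_sample_package()))
    print(find_pyinstaller_cookie(b"MZ" + b"\x00" * 500))   # None: a PE with no PyInstaller cookie
```

Knowing the Python version and DLL name from the cookie is the first thing to establish before unpacking the archive, because the embedded .pyc files can only be decompiled with a matching interpreter.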
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
All three hits belong to chrome.exe, the browser the sandbox used to fetch the sample, not to Windows Fuck.exe.
Modifies data under HKEY_USERS (17 IoCs)
  Process      Description       IoC
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"
  LogonUI.exe  Key created       \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
  LogonUI.exe  Key created       \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "95"
  chrome.exe   Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe   Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621570833600710"
  LogonUI.exe  Set value (data)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"
  LogonUI.exe  Key created       \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"
  LogonUI.exe  Set value (int)   \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"
None of these writes come from the sample. LogonUI.exe (the logon screen, PID 4624 in the process tree) stores its DWM and accent theming under the .DEFAULT hive, and chrome.exe records a TPM telemetry timestamp under S-1-5-19 (the LOCAL SERVICE hive). They are listed because the signature is generic, not because they are attacker activity.
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID   Process
  5104  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID   Process
  5104  chrome.exe  (6 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token                      PID   Process
  SeShutdownPrivilege        5104  chrome.exe
  SeCreatePagefilePrivilege  5104  chrome.exe
  (the two tokens alternate; 64 entries in total, all from PID 5104)

Suspicious use of FindShellTrayWindow (64 IoCs)
  PID   Process
  5104  chrome.exe  (64 entries)

Suspicious use of SendNotifyMessage (32 IoCs)
  PID   Process
  5104  chrome.exe  (32 entries)

Suspicious use of SetWindowsHookEx (5 IoCs)
  PID   Process
  5688  Windows Fuck.exe
  5916  Windows Fuck.exe  (3 entries)
  4624  LogonUI.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  Source PID  Source      Target PID  Target
  5104        chrome.exe  4872        chrome.exe  (2 entries)
  5104        chrome.exe  2364        chrome.exe
  5104        chrome.exe  3848        chrome.exe  (2 entries)
  5104        chrome.exe  2496        chrome.exe
  (64 entries in total)

Every entry in these six signatures except the SetWindowsHookEx hits on Windows Fuck.exe is the Chrome browser process (5104) talking to its own children (4872 crashpad handler, 2364 GPU process, 3848 network service, 2496 storage service in the tree below). That is normal Chromium multi-process startup and says nothing about the sample; the sandbox only launched Chrome because the submitted target is a URL.
Processes

PID 5104  C:\Program Files\Google\Chrome\Application\chrome.exe
  cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/ui4w0uvie14xvbh/Windows+Fuck.exe/file
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 4872  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb263eab58,0x7ffb263eab68,0x7ffb263eab78

    PID 2364  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:2

    PID 3848  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 2496  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 1464  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:1

    PID 3504  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:1

    PID 2276  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2940 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:1

    PID 704   C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 3524  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 4716  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4916 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:1

    PID 3304  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 636   C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 1552  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5636 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:1

    PID 5056  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4992 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:1

    PID 5284  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 5360  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4824 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 5368  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

    PID 5688  C:\Users\Admin\Downloads\Windows Fuck.exe
      cmd: "C:\Users\Admin\Downloads\Windows Fuck.exe"
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx

        PID 5916  C:\Users\Admin\Downloads\Windows Fuck.exe
          cmd: "C:\Users\Admin\Downloads\Windows Fuck.exe"
          - Executes dropped EXE
          - Loads dropped DLL
          - Writes to the Master Boot Record (MBR)
          - Suspicious use of SetWindowsHookEx

            PID 2104  C:\Windows\system32\cmd.exe
              cmd: C:\Windows\system32\cmd.exe /c shutdown /r -t 0

                PID 4892  C:\Windows\system32\shutdown.exe
                  cmd: shutdown /r -t 0

    PID 5696  C:\Program Files\Google\Chrome\Application\chrome.exe
      cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1908,i,15988061427681614075,17256656722563371208,131072 /prefetch:8

PID 1248  C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  cmd: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

PID 4624  C:\Windows\system32\LogonUI.exe
  cmd: "LogonUI.exe" /flags:0x4 /state0:0xa392c855 /state1:0x41c64e6d
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx

Reading the tree: the sample is launched from Chrome's download location by the browser process itself (5104 is the parent of 5688), after the quarantine.mojom.Quarantine utility (5284) has tagged the download, which is Chrome writing the mark of the web. The two Windows Fuck.exe instances are the standard PyInstaller one-file pattern: the bootloader (5688) unpacks the bundled Python runtime and scripts to a temporary directory and re-executes itself as a child (5916) that runs the actual script, which is why the dropped-DLL loads and the MBR write are attributed to 5916 rather than 5688. The whole payload is then three steps: open \??\PhysicalDrive0 for modification, spawn cmd.exe /c shutdown /r -t 0, and let the immediate reboot take effect; LogonUI.exe and elevation_service.exe are unrelated system and Chrome components.
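The chain the tree shows (a binary under Downloads opens PhysicalDrive0 for writing, then reboots through cmd.exe /c shutdown /r -t 0) expressed as a detection rule over process and file events, added here and not part of the report. The event records are constructed from the PIDs and command lines above in a simplified schema (not Sysmon or EVTX field names; on a real host process-creation and raw-access events would be mapped into it), and a benign explorer.exe > cmd.exe > shutdown chain is included to show that a reboot by itself does not match.

```python
import re

# Paths a user, not an installer, normally writes to; tune per environment.
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\(downloads|desktop|documents|appdata)\\", re.I)
# \??\PhysicalDriveN (NT form, as in the report) or \\.\PhysicalDriveN (Win32 form)
RAW_DISK = re.compile(r"^(\\\?\?\\|\\\\\.\\)physicaldrive\d+$", re.I)
REBOOT_FLAG = re.compile(r"\s/(r|s)\b", re.I)     # shutdown /r (restart) or /s (power off)

# Constructed events mirroring the report's process tree; t is seconds into the run.
EVENTS = [
    {"t": 0,  "type": "process", "pid": 5104, "ppid": 1,    "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "cmdline": "chrome.exe --single-argument https://www.mediafire.com/file/ui4w0uvie14xvbh/Windows+Fuck.exe/file"},
    {"t": 40, "type": "process", "pid": 5688, "ppid": 5104, "image": r"C:\Users\Admin\Downloads\Windows Fuck.exe", "cmdline": r'"C:\Users\Admin\Downloads\Windows Fuck.exe"'},
    {"t": 41, "type": "process", "pid": 5916, "ppid": 5688, "image": r"C:\Users\Admin\Downloads\Windows Fuck.exe", "cmdline": r'"C:\Users\Admin\Downloads\Windows Fuck.exe"'},
    {"t": 42, "type": "file",    "pid": 5916, "path": r"\??\PhysicalDrive0", "access": "write"},
    {"t": 43, "type": "process", "pid": 2104, "ppid": 5916, "image": r"C:\Windows\system32\cmd.exe", "cmdline": r"C:\Windows\system32\cmd.exe /c shutdown /r -t 0"},
    {"t": 43, "type": "process", "pid": 4892, "ppid": 2104, "image": r"C:\Windows\system32\shutdown.exe", "cmdline": "shutdown /r -t 0"},
    # Benign control: an interactive reboot with no raw disk access anywhere in the chain.
    {"t": 50, "type": "process", "pid": 7000, "ppid": 1,    "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"t": 51, "type": "process", "pid": 7001, "ppid": 7000, "image": r"C:\Windows\system32\cmd.exe", "cmdline": "cmd.exe"},
    {"t": 52, "type": "process", "pid": 7002, "ppid": 7001, "image": r"C:\Windows\system32\shutdown.exe", "cmdline": "shutdown /r -t 0"},
]


def ancestry(pid: int, procs: dict) -> list:
    """PIDs from pid up to the root, following ppid through the process-creation events."""
    chain = []
    while pid in procs:
        chain.append(pid)
        pid = procs[pid]["ppid"]
    return chain


def detect_raw_disk_write_then_reboot(events: list) -> list:
    """One alert per shutdown.exe /r|/s whose ancestry includes a process that
    runs from a user-writable path and opened a physical drive for writing."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    raw_writers = {e["pid"] for e in events
                   if e["type"] == "file" and e["access"] == "write" and RAW_DISK.match(e["path"])}
    alerts = []
    for e in events:
        if e["type"] != "process":
            continue
        if not (e["image"].lower().endswith("\\shutdown.exe") and REBOOT_FLAG.search(e["cmdline"])):
            continue
        chain = ancestry(e["pid"], procs)
        culprit = next((p for p in chain
                        if p in raw_writers and USER_WRITABLE.match(procs[p]["image"])), None)
        if culprit is not None:
            alerts.append({"reboot_pid": e["pid"], "culprit_pid": culprit,
                           "culprit_image": procs[culprit]["image"], "chain": chain})
    return alerts


if __name__ == "__main__":
    for alert in detect_raw_disk_write_then_reboot(EVENTS):
        print(alert)
```

Walking the ancestry rather than only the direct parent matters here because the raw-disk opener (5916) is two hops above shutdown.exe (4892), with cmd.exe in between; a rule keyed on the parent alone would miss it. Requiring both the raw write and the user-writable image path keeps disk-imaging or partitioning tools run from Program Files, and ordinary reboots, out of the alert.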
Network
MITRE ATT&CK Enterprise v15
Downloads

The report does not name these files or attribute them to a process; only size and hashes are recorded.

Filesize: 40B
MD5:    0cd429098412849541cb95afaf497de7
SHA1:   34fcdc8c1708981ab8e69a9ccc50ab898d7f7df3
SHA256: d987cb1f82d1cfa20deebd5947b3ce1b9ae9ca25cb7df736727c507a3a17700a
SHA512: 955809ff9150048d9b739222dfe4c1cc7b4f330cab2858b74ba1b8af8514f1d97268812c0ef81a3d926c9928fab845515a0fbd834a8dd1d0db39359001ce5f03

Filesize: 456B
MD5:    21f13a5579fd0350fd60397ced35f88a
SHA1:   34e38c4f3c15f72d95a14d18f399f14611dc681a
SHA256: 3cac5274b08d2672cb4a07fde062a690d3477ca37322974280233a63ee80add9
SHA512: 699bb68fe6a5e4480f00d43e0128848f770a00bb3771ca12a600d3f79d9f52a781afeda2afa05b706bb64c4836468ac06fc564ab14edd31230ee5345e82932ff

Filesize: 2B (these are the hashes of the two-byte string "[]", an empty JSON array)
MD5:    d751713988987e9331980363e24189ce
SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5:    a7fdcded190068d3a60d2ec100d32ea7
SHA1:   45c807f22ac13ae552c89d3443487e86b2cfb4a0
SHA256: 0e66279b60a7ce9d88b5fae9580264044543774f93d9a08d44ef0ca39ecf4b3f
SHA512: 477cd60d09a6aa773a0655f6d761439deb8744df25e611dafebbbc58eb75fc44427c0a75cba5409e2793aeb769f1805069a335c9e42aa373ee0d5bfcb29e07a5

Filesize: 1KB
MD5:    5477808523a38804a72fc2565247f012
SHA1:   f61035641e1f7cc27a510f066ab498ad2cc2b9de
SHA256: c12a33b4d3dcca4a7fac5eb52bfb869ac4b3a0c7b5303b4fc7bda03ca6b78f1e
SHA512: 1978922127fba737ea966c41bf7ff4ce1a64743fcfabcbb37b8992cb0bc7f6ba3d830c2692c9eea65e549c4042ad98b3c390bb3c2064a2f1bc84f145db49a19c

Filesize: 8KB
MD5:    41d1752b7b1dcde2acf748f688af4321
SHA1:   50114da97136c612ee8dc710acecf1b33867426a
SHA256: 8ffaad8523ad0e88101af88f604bb7498c81ebd028463c0fd8c1673eb83b19f7
SHA512: 1d6af3893196bce4bcda093905d9a994b450a458d71a7c7970d9e33f72939e64a66e8225cfb0e12068fe65bef3aec282787db68a8d651a8b43f169ecde2a3093

Filesize: 8KB
MD5:    750f1ea0dd1687d9751ad85051bb7461
SHA1:   037b39a43be61f5eeab6a02aece28da9393faad4
SHA256: 808fb6c9c8fe976f27fe5ad7c442329fa60d05f77237802d88677fdbdabf6174
SHA512: 76d71c74bf3a67ca7beac06d186662dbc70db183442651273542c3e7730ced1f87d32a20e5c626abfc2fe210dd40a4dca90d5934441cb316138fdb97e6ba5451

Filesize: 8KB
MD5:    178528b976f8ff60e820504b8592b9d8
SHA1:   769a0477d88c1d268740972c725f6b6848dcbd97
SHA256: 1bd3cc7e01584b5a92ab5060af2d4401c09079460deb607115c1795af7d835e7
SHA512: dcadb4a878485ef1d4206add8782b2563bcafd086faac3c2ccb0e93f02b8de2263c207011606b51fdad38f2c43fa6af2ac5f341c333bba2ef80a83b56bb4cf8d

Filesize: 7KB
MD5:    2eeb72bc9f6bf29ac9354c44773bbe62
SHA1:   602b54acf17054f657178f99f2aeaa3dd31d4004
SHA256: f30e2fc8e29c2004f6fc42c2508470be915842186c94422c56b8935bd4cdafad
SHA512: 556bce5917a45140e4a81c3e98ef916f45d62f6a5d34d25949b16a447be69ecad72ca9c36e8b48cb1aeeb9c2e97686e2828ab36d4f7e12a9bfd38067f14a88b7

Filesize: 129KB
MD5:    98695098bb8095ad7977f5b8bb1033fd
SHA1:   8b70d1f3ec15d2168170a236aebe5a8fdb456fc8
SHA256: feac59b1d1accb7680fb0a0975f441a4da47cb98e60c18ffb2017d9aab08b788
SHA512: 60f6761ff3a98f1860f15e501f8cd01426581f6366cedece8978a042e226b57e03579ec29dbe8c3f2ba7b0d46a97463445a671b081f6a153f707aa6e7cc61bfb

Filesize: 129KB
MD5:    f1607a5221d421e8c32b5356812e83cc
SHA1:   6af7d47bdbfd2a6d5f6d5a1432b8a3edeb8aae64
SHA256: 51ec740c704eca94879c6dd1cd538f2befb8e28b3f532d5c354983699f541719
SHA512: fc0bb34d7d2c7d5bf0c1a00bfc9960426f47f35536124fcc1ae93bebbe79bfd28569866b6d48de49ac7f6a0488bbbd7a056169bf944518fc2fcfb64da5d88136

Filesize: 104KB
MD5:    93f01b80d78899cca6bd942941a25872
SHA1:   02787cfab191bf343f6a55c6be40adeecac3810e
SHA256: ce2b057d7d6a93dad86aa02a4c7a5c6efac6513a913fc09bfd7c64b80f22ffef
SHA512: b84617e538ae11517eb1efa7ea87f204beceeed5142c36ff7f962198f524b5058f62ab62aee40ece59b2b8d852423deda832f1f42dd5e494e8027baf4996a433

Filesize: 96KB
MD5:    b978c4841ae2cdf4b8f11fa67507a871
SHA1:   55373203792b2df5097e087b9e6ac421487ec539
SHA256: f5ec261c60344002e81ea7febbfb2cdaca6dbeb8415b4ed6bfbf95a5b568dfcb
SHA512: bea0472383af8c65b59342cf9eaae7a2b1faa66ac0c45b3e45ecc26b7635cdf3da4d64c5d42602d742781bc8e3d93df9f1455784d510f1989b63ff42e35a034a

Filesize: 116KB
MD5:    be8dbe2dc77ebe7f88f910c61aec691a
SHA1:   a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256: 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512: 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Filesize: 48KB
MD5:    f8dfa78045620cf8a732e67d1b1eb53d
SHA1:   ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256: a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512: ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Filesize: 83KB
MD5:    223fd6748cae86e8c2d5618085c768ac
SHA1:   dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256: f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512: 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Filesize: 245KB
MD5:    3055edf761508190b576e9bf904003aa
SHA1:   f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256: e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512: 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Filesize: 64KB
MD5:    eedb6d834d96a3dffffb1f65b5f7e5be
SHA1:   ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256: 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512: 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Filesize: 156KB
MD5:    05e8b2c429aff98b3ae6adc842fb56a3
SHA1:   834ddbced68db4fe17c283ab63b2faa2e4163824
SHA256: a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c
SHA512: badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Filesize: 81KB
MD5:    dc06f8d5508be059eae9e29d5ba7e9ec
SHA1:   d666c88979075d3b0c6fd3be7c595e83e0cb4e82
SHA256: 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a
SHA512: 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Filesize: 1.3MB
MD5:    08332a62eb782d03b959ba64013ac5bc
SHA1:   b70b6ae91f1bded398ca3f62e883ae75e9966041
SHA256: 8584f0eb44456a275e3bc69626e3acad595546fd78de21a946b2eb7d6ba02288
SHA512: a58e4a096d3ce738f6f93477c9a73ddbfcb4b82d212c0a19c0cf9e07f1e62b2f477a5dd468cd31cc5a13a73b93fa17f64d6b516afef2c56d38ede1ace35cf087

Filesize: 5.0MB
MD5:    e547cf6d296a88f5b1c352c116df7c0c
SHA1:   cafa14e0367f7c13ad140fd556f10f320a039783
SHA256: 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512: 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Filesize: 6.6MB
MD5:    3c388ce47c0d9117d2a50b3fa5ac981d
SHA1:   038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256: c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512: e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Filesize: 5.4MB
MD5:    03a161718f1d5e41897236d48c91ae3c
SHA1:   32b10eb46bafb9f81a402cb7eff4767418956bd4
SHA256: e06c4bd078f4690aa8874a3deb38e802b2a16ccb602a7edc2e077e98c05b5807
SHA512: 7abcc90e845b43d264ee18c9565c7d0cbb383bfd72b9cebb198ba60c4a46f56da5480da51c90ff82957ad4c84a4799fa3eb0cedffaa6195f1315b3ff3da1be47

Filesize: 1.1MB
MD5:    d335339c3508604925016c1f3ee0600d
SHA1:   2aaa7ba6171e4887d942d03010d7d1b1b94257e4
SHA256: 8b992a0333990a255c6df4395ae2e4153300596d75c7fbd17780214fb359b6a7
SHA512: ac6ab6054a93261e6547c58ee7ba191129a0b87d86c6d15da34fedf90764949daf5c1ae39aa06503487d420f6867df796e3f1d75f16e246712e0e53e40552d13

Filesize: 131KB
MD5:    26d752c8896b324ffd12827a5e4b2808
SHA1:   447979fa03f78cb7210a4e4ba365085ab2f42c22
SHA256: bd33548dbdbb178873be92901b282bad9c6817e3eac154ca50a666d5753fd7ec
SHA512: 99c87ab9920e79a03169b29a2f838d568ca4d4056b54a67bc51caf5c0ff5a4897ed02533ba504f884c6f983ebc400743e6ad52ac451821385b1e25c3b1ebcee0

Filesize: 29KB
MD5:    92b440ca45447ec33e884752e4c65b07
SHA1:   5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256: 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512: 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Filesize: 1.1MB
MD5:    16be9a6f941f1a2cb6b5fca766309b2c
SHA1:   17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256: 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512: 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Filesize: 130KB
MD5:    3a80fea23a007b42cef8e375fc73ad40
SHA1:   04319f7552ea968e2421c3936c3a9ee6f9cf30b2
SHA256: b70d69d25204381f19378e1bb35cc2b8c8430aa80a983f8d0e8e837050bb06ef
SHA512: a63bed03f05396b967858902e922b2fbfb4cf517712f91cfaa096ff0539cf300d6b9c659ffee6bf11c28e79e23115fd6b9c0b1aa95db1cbd4843487f060ccf40

Filesize: 140KB
MD5:    d76ddfd0d46141734b7bfbb0f9b88a09
SHA1:   fe41a62ce3bf5c2e55a2f2b4fdb4ad64e9f07717
SHA256: eaa7853b725db0b12aa350f43258fceb81b3a2fcadbbc3d0d9abd1aa4fde1467
SHA512: b317bb9eb178be617077ff798b4ef76eb332cc5ab62b3d4bb9e11f2e138cd3fa73676269a279be66951bf6b14bd97026a1c9f6394c14d19dc9134267fd82aa75

Filesize: 212KB
MD5:    4ee5cfb68e56a5ba61248ae92c60e8c0
SHA1:   50f064a2cb91284130f99637d2756ac07af85b01
SHA256: e3698280ff0c7769c1cdacf302688735cf4ab632989e1312d2a45747e79f5df2
SHA512: b173c595a8f7d66000ae5bf88abc7d411a5af01c5ac2ef73a162199f2f77404654a7f08a9e3e2f3319f5002459cbcb953311641af525f627e077ebeb7240dc4f

Filesize: 10.1MB
MD5:    1a3ca81f61164a046d4a40533a5a05e9
SHA1:   41a106bcaeb00d25c08005ac4eda58b342c65150
SHA256: b2de1bc369a203957f8f3fcd4e899565ef1c84fb0e1570af81b73fc4618f931d
SHA512: 4a224f9b959a6c9b121b321877aac2fba5ec4e65ea12f847b24d231e74708883b758d1a2b5904b40a685c7338f2559f23a4f2484432b4879674c7c4d02ed35b1

Filesize: not recorded (these are the hashes of zero-length input, i.e. an empty file)
MD5:    d41d8cd98f00b204e9800998ecf8427e
SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e