Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-06-2024 17:50
Static task: static1
Behavioral task: behavioral1 (sample o.txt, resource win7-20240221-en)
Behavioral task: behavioral2 (sample o.txt, resource win10v2004-20240611-en)
General
- Target: o.txt
- Size: 29B
- MD5: a7189cd3f729f2f033024856065bf511
- SHA1: 388a47d24febcc9374fefbce9c314c5f5c8ade30
- SHA256: ef7524d3b360d66dea74293d427dd93444a4aa1496dbd7f0ff0726f6da97893f
- SHA512: 9923bdf127840b63bcfc77a8d49d5dc059e68e19ebb67547bd739474552672553afb9ec5a5d91baf97dcae6f7ec711390950fb906f1380dab97297eb9d66833a
Malware Config
Signatures
-
Downloads MZ/PE file
-
Detects Pyinstaller 1 IoCs
Processes:
- resource: behavioral2/files/0x0007000000023573-285.dat
  yara_rule: pyinstaller
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
Process: taskmgr.exe
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
Process: chrome.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS 2 IoCs
Processes:
Process: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633794792998167"
Modifies registry class 1 IoCs
Processes:
Process: taskmgr.exe
- Key created: \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
- PID 4972: NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 44 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- PID 4972: C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\o.txt
  Signatures: Opens file in notepad (likely ransom note)
- PID 4968: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4416,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:8
- PID 3948: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - PID 3292: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe543ab58,0x7fffe543ab68,0x7fffe543ab78
  - PID 4628: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:2
  - PID 440: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 1696: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 2444: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 2744: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5344: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5480: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5504: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5768: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4620 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5416: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4284 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5200: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3296 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 6064: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4852 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5292: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5060 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5316: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5416 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5552: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5548 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5864: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5896: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6156 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5956: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5920 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 6116: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 6040: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5724 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5936: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5160 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 468: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5812 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5672: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5688: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4896 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 3156: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5984: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5744: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 5748: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1236: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2680 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 4896: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2572 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:1
  - PID 5600: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
  - PID 4616: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6360 --field-trial-handle=1668,i,16357392324640514385,7586818111285665628,131072 /prefetch:8
- PID 5240: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- PID 2060: "C:\Windows\system32\taskmgr.exe" /4
  Signatures: Checks SCSI registry key(s); Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of SendNotifyMessage
- PID 1924: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 3544: "C:\Windows\System32\w3kwab.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads