Resubmissions
04/06/2025, 17:18  250604-vvjpnssyav  6
04/06/2025, 17:11  250604-vp9nxaaj2y  10
04/06/2025, 16:57  250604-vf9ybahp6v  3
Analysis
max time kernel: 125s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20250502-en
resource tags: arch:x64 arch:x86 image:win10v2004-20250502-en locale:en-us os:windows10-2004-x64 system
submitted: 04/06/2025, 17:18
Static task
static1
Behavioral task
behavioral1
Sample
version.dll
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
version.dll
Resource
win11-20250502-en
Errors
General
Target: version.dll
Size: 2.7MB
MD5: 40c2231241385e75bea54c1408a94881
SHA1: e8a255003325077bb8b4990084d09c32cba827f3
SHA256: 972d58a325c303624e7ee5e10263c6ec3676ccc05755e2cd73b0b8ff7eef9f0e
SHA512: 559d561b0b2521ceefcf098539976f27a9e0678a7f1976ba0044f6d713fd541a41a0e6025c57b7ce116fef1eaaf566fc51d8f3acb4f2df65a4fb02c7d3028645
SSDEEP: 49152:IKtXyGVrSRE665kUv3OJPGhhCNoEcKPvzsClA4nyk2bBF83EqAXVhfQ93pO/rf7q:lrSREf3O59EKMFOZ30/
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 132: raw.githubusercontent.com
  flow 133: raw.githubusercontent.com

Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
  File opened for modification: \??\PhysicalDrive0 (Process: [email protected])

Program crash (1 IoCs)
  pid 4680 WerFault.exe, pid_target 2548, procid_target 86

System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: rundll32.exe)
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: [email protected])

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (Process: chrome.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: chrome.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: chrome.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (Process: chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133935311564155954" (Process: chrome.exe)

Modifies registry class (1 IoCs)
  Key created: \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000_Classes\Local Settings (Process: chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid 2520 chrome.exe (all 4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid 2520 chrome.exe (all 7 IoCs)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege, pid 2520 chrome.exe
  Token: SeCreatePagefilePrivilege, pid 2520 chrome.exe
  (these two rows alternate across all 64 IoCs)

Suspicious use of FindShellTrayWindow (33 IoCs)
  pid 2520 chrome.exe (all 33 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2520 chrome.exe (all 24 IoCs)

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 3008 [email protected]

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2020 wrote to memory of 2548 (rundll32.exe, procid_target 86)
  PID 2520 wrote to memory of 1404 (chrome.exe, procid_target 102)
  PID 2520 wrote to memory of 2748 (chrome.exe, procid_target 103)
  PID 2520 wrote to memory of 3268 (chrome.exe, procid_target 104)
  PID 2520 wrote to memory of 4128 (chrome.exe, procid_target 105)
  (unique rows listed; each repeats several times in the original 64-row table)
Processes
C:\Windows\system32\rundll32.exe
  Command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
  PID: 2020
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
      PID: 2548
      - System Location Discovery: System Language Discovery
        C:\Windows\SysWOW64\WerFault.exe
          Command: C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 624
          PID: 4680
          - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command: C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2548 -ip 2548
  PID: 4704

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2520
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff1bf6dcf8,0x7fff1bf6dd04,0x7fff1bf6dd10
      PID: 1404
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2176,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2204 /prefetch:3
      PID: 2748
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2092,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2084 /prefetch:2
      PID: 3268
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2440,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2508 /prefetch:8
      PID: 4128
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3188 /prefetch:1
      PID: 4484
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3224 /prefetch:1
      PID: 3312
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3968,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4496 /prefetch:2
      PID: 4648
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4788 /prefetch:1
      PID: 912
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5380,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5396 /prefetch:8
      PID: 4228
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5616 /prefetch:8
      PID: 4208
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5764,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5792 /prefetch:8
      PID: 3416
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5928,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5952 /prefetch:8
      PID: 1952
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5944,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6096 /prefetch:8
      PID: 1716
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6120,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5972 /prefetch:8
      PID: 2024
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6000,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6024 /prefetch:1
      PID: 5608
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3156,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4672 /prefetch:8
      PID: 5924
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3256,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4664 /prefetch:8
      PID: 5932
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4924,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4660 /prefetch:8
      PID: 5940
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3972,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4548 /prefetch:2
      PID: 6132
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5908,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3360 /prefetch:1
      PID: 5364
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5832,i,10803567447298305928,10265264412098778021,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5824 /prefetch:8
      PID: 1416

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
  Command: "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
  PID: 184

C:\Windows\system32\svchost.exe
  Command: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 4400

C:\Windows\System32\rundll32.exe
  Command: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 5680

C:\Users\Admin\Downloads\Petya.A\[email protected]
  Command: "C:\Users\Admin\Downloads\Petya.A\[email protected]"
  PID: 3008
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v16
Downloads
Filesize: 414B
MD5: 8859933a105088a0e025230585210364
SHA1: 53cfa57e2e8652b47cbb6d01a88f436fba410e4f
SHA256: 93baef8680d46142ae7b29adb3f3f564223022a4b2a92c19115ec43017b3212c
SHA512: 461d630e99e73c274f523c0c9697c90bafe24a72bfd0199ebe03f3b3af2ae70f90cf4afa65725e0807a01082e9a50229bd90a10bcf51a448f3ac562983fb128f

Filesize: 270KB
MD5: 4be8adaf33a1f57481cce8789a4b2f8e
SHA1: d51ca58dbda01ef7987c24d23a8801bb5fe10937
SHA256: 2f429fb17647097b45b6776460f5bcb2afbb45e35b1c59fe1831c8da42a83e95
SHA512: f631b60560285c9084ceaf32935edb3e5aa7fa036c6585e477b282566b69e9a54836cad84e109e1a8f2f275df65c8b9431b0011c6ecc34a808c2243a3b453a71

Filesize: 2KB
MD5: b21135dacff8174491020700c07220f8
SHA1: 1c7a90a7f4dda18c55ca0bef149e1f8bd91e608e
SHA256: 4cc310b32f8712a425a304e0d973695d56380899ff1f317dacbf589d41870fa8
SHA512: 8ade4414ce7bdf8d84279f03d161bc5dc5bdaafb3ed8f96b7f0dc437c3bacb02603eb0f82de4172b88a80bdb434c33bad5e77710f077e446984e468bf30b1d12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.92.1_0\dasherSettingSchema.json
Filesize: 854B
MD5: 4ec1df2da46182103d2ffc3b92d20ca5
SHA1: fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256: 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512: 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Filesize: 4KB
MD5: ffeff0dc1d27ec3050ae94ec456a078e
SHA1: c6201046ec9d0a51f0df39f0cd949307815b04a7
SHA256: 77266d3d40a80e03081cd5af85bf8a884e6708ea4eb49a4c951bce92b1f1b6d6
SHA512: 881ddfb2c10e9a95318010f24bcf4d7c5197f0fffe75bd7359a1b9dbd33adcf3b7e1f744163238903aa63f62b428a96574f354a1a4f1a151051d1c974d0e5c89

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 12KB
MD5: b75f80c5bf5845d4a901c10ab2e5adc8
SHA1: 1de5aed8490a1c3e10baf202193b36c271f94d13
SHA256: 33393bd8bc159d7daa463d0e6a76f7afadb369e022f5ae050939a60f0bc88837
SHA512: a65b6f0e5f27d8442a9679d450edf411dc35bb94366e89a36681f3ee94476dacf15c02a77a47eba57cdf02ba8aac966b1ea254b3e6453aa3b10d849a98083744

Filesize: 12KB
MD5: 9d313709edba2a1fa1c4b46cc1836277
SHA1: 8445637327830a6a4b415b34bb5b90764bf26996
SHA256: 0cb24c3996d2e12313d9af81c32bac4378df6ff3e6db724a9d1e9d37e5d56d15
SHA512: 8b4a2682cf9c36ff369eaf58e2c4b17e9337724e0d79f18ecd4e7a16847da50f53836f3a3286e817f03a6e97127ab6169934b82c20d90a552c710362016f67ac

Filesize: 12KB
MD5: f90d4d04a251ec4bb2f2089cedac7472
SHA1: 1465bed681f4a636c3b0e73a85cbfc7eab83bfd5
SHA256: c6390252a2e1880288ec040b537ae799a1b2f461164a56d1fab00df5157686a5
SHA512: 75b2f8f84b6cc10a22bd034d5842b9446eeb9cf4350d12c2d0007d6ed2aeecdabece3f64277c07eca549031757c30b0c0262c991f7b95d291b134d97c61c6fea

Filesize: 11KB
MD5: c21c73ad4eb7485def55ce0643bfec99
SHA1: 3c33d1a056dbe91521ce14772fcb056f3660fbbd
SHA256: 4c8499fccaf28fa6c00f5b1b3d7f3cc87d9ae2d369eb8af9e6bc731e2acbc775
SHA512: 8c26108a054572f9c2138df934ecf90774fa3ed2deeba6022158d0d1a87c62fdd9e840fb7c6d551056d11ada13923c7975266985e25a1bd0f6a933fe577eeee9

Filesize: 10KB
MD5: 821c5cface8a8ca3aba12cb76a9f35f7
SHA1: 72109fe6b43306ac80f42bd9d43a6fbeda553ff3
SHA256: 445b9174bde28998c85ddf5a3caa7494afd2d01d85c8ae57c96aaabdfd9d29d0
SHA512: 82beea461ef25ce823b9998c2704b912e8d38bd19e86e586c96d448884f7a5aafb8a85d1e679cf90a80ee3086b0a014e4023f4ea4b754f281e03bda892ab9f29

Filesize: 11KB
MD5: 8d7490b3e7a43db4c3da8bb00ac6b158
SHA1: c7066fec614d396ae635dff0cc86596139de6e12
SHA256: 84d62bb842b95a2176f4c7f7e03907e10a514e76ffeb9099c0a2b897637cfea5
SHA512: 7c030d828e2390385a248512e24301b9471794e921057eb46c4ac4f5c093e1df3a61c1bd94a93541a082b346b1aafd3f69fee51bfeebd6cec88a4f087276dbd1

Filesize: 18KB
MD5: a14197b9a3e0e6be1f3d861bba125bde
SHA1: 4f5c06b1f95fbce95efb57c0badf247d8c6a0c11
SHA256: aa384329a719c56c3969f9c4db5166bedf5abb8a55e904bb992be0378d151627
SHA512: 0f92350b7b2a6a75dd90ed648d53750f04c24e6e7751ba75dd9c3f3019656a608b5c21b82eefd3c626d1de634ea03439606fba7cc51535af13c02b8794b1d2fc

Filesize: 15KB
MD5: 9571a49a995334cf67e5994b6e0871f7
SHA1: fea9c606fdf3b161167105f0401eebd9d38b21f3
SHA256: d386ce6da18fcedc3caea3c557b94e14cb8d19442f75485784a69cf5c92b2c4a
SHA512: afa657bc76e2132a40a6f14bb6621633754c4fb78b7868270964d306fabe6fe770b604a00898d8b065c62aab974be89d274ed9abed704559d71863391eeac278

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: e90c5dfc2100078c7119436fdc5cae94
SHA1: 0f55ce1c42fd38d8c1a88d4f3696d68e90ac4a44
SHA256: 2a84b19bcbd54a13aeebc727cee68e4b2faa73f8e1517ac959cd80d96ef7adbe
SHA512: 2f61f733c0b776182bf830c6e9d1dbdbb5e348f220319be976613086e07de14df9c6ed1c8e365eee8d58701da38196db05eac8cac77c42245569261ca53f7c5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: 5c6899d577a32af20a35fb6020db2fb6
SHA1: a19a799d244386c8c38a671a05b7c33ad6025bad
SHA256: 452cbdd9e25d6e4c1d8e9b92841ed4795c166023cadb9fe90916f123ba9df35d
SHA512: 5d8a09042a10c7d7b1456aa1fbc6920ff1697c82698a8f11c1f3e9c3e767fffda031c6c56df7ba46437f814a1fac1cd94312d2e3dfa4653ced2cd6840caa40fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580b65.TMP
Filesize: 48B
MD5: cb7278a550ed51efa71c856533fd682c
SHA1: 2c32125291fa3f90db389f710fdc296f272f3f0f
SHA256: 681e4c41ec28efcf30dfb2470bb2e38c47de8282614b46e277ca921e7f30ba16
SHA512: c199dbfe56160f417c6104d71da0015b8934054896e81ec558a62226b409b3beb9af21243a1d824989ab353a2a0151beedb5f4e520e19d36016e7f8b21172484

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
Filesize: 72B
MD5: a2a0b5be47dcb01a6acd6be82891f56f
SHA1: 11e3c1e3b5ea47ebbb5243a51f770ff3eee6eef2
SHA256: f045d9b9fe639af52687f9a409c0f9e6a490da22c91398ec66d1c7c6aeecde9c
SHA512: 691d6b5841402f6cdad4a56b57191d26c2e545acd1d67141e71db6a1077b8340bee7f53c4417cc939e336e5b5ae4a59632c2fd3840420ba715c257c89551465a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e68048ce-3b0d-4bf4-8f09-3cb303038a29.tmp
Filesize: 12KB
MD5: 37a6b31c25b93a83fd98b737a949d06e
SHA1: f91514353e386ee1505ae93628519fcc2b3f7765
SHA256: 56ec0ca93b7bcfd2c982007fbc39d69ba7a304b155f318aa5c38e76290fedb42
SHA512: b8492556f70c423c2e224bf2aaedefea17b81dfc13149be55f5a896a0e9740105977cae33950af62d51906fb9cef264e701f5c88d0a5ecfabf9809ea87c4de25

Filesize: 79KB
MD5: ac199b689d214b7102fbfb82e282c8c6
SHA1: e1ce373e0cd4517acd82bc0de7da137df82675a8
SHA256: e19bef15d004a7991c8bd479f7c20626ac46c5025b5f0d64a958fb83bb9ab147
SHA512: b565544865125487fafc4afa894cbaacd9489ab3873984d011ffd5167f013018922fdfcae15dec6efb1eae2c9b73a82ac709427d0c85cf09a0574fd36ac40270

Filesize: 156KB
MD5: 8e4eacc475d2179c7b4072e12a83a689
SHA1: 6875f929ed4aeccf931daed90c5cdadc00ebeaf3
SHA256: a347b25c1ec3fac9cf4091c9e74d52f9f5c17add4e09c86e131db281b24d4601
SHA512: 10faba39f5c3232b9bfec60e4ca366ce5ac083c1279eb6e63388b7676bea39d7c8bae107c4ea8a0ad130010db4c6817b0146f17e6872263c66270d0829be5063

Filesize: 156KB
MD5: db0380bbbeb7754efb2d2ebe16661008
SHA1: 41a0eae37e4728d6e0a1a5b653f6a7d0cdf747a8
SHA256: 7f36481b2285f0b194a3c4ae0b4b9095a1973215e7b0916c38ca543842857fe7
SHA512: 73631fbaa938dba1014ce74d4e3d4369ca2bcebc8342c64f4c0b114e56e6b18859161864b1aa6303b64ff212e6b7da4d716ef1c94ca937cd8bd66218920eba01

C:\Users\Admin\AppData\Local\Temp\scoped_dir2520_1765942567\60f66f7c-c0f2-4518-81f4-141a66923a18.tmp
Filesize: 153KB
MD5: cc05ed3e66468e692745ba6563c69740
SHA1: eae9dbd4d36aa91fd43f7d452ac3d252b103759d
SHA256: fb1311fb7142825abacb3c7aedddf948f5c9b258e447c953ce0f7f4b19c6dfff
SHA512: 4b527db02d6ea36b914558a3e44fd3d15772bf2be4ba0a640bf70427af07dcde5ed6967930cc3624a244cfc82290f125eea2754812586216b3d5a37757ce8db4

Filesize: 128KB
MD5: 1559522c34054e5144fe68ee98c29e61
SHA1: ff80eeb6bcf4498c9ff38c252be2726e65c10c34
SHA256: e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509
SHA512: 6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c