Analysis
max time kernel: 200s
max time network: 215s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted: 28-11-2022 04:44
Static task: static1
Behavioral task: behavioral1
Sample: Synapse Launcher.exe
Resource: win7-20220901-en
General
Target: Synapse Launcher.exe
Size: 787KB
MD5: 154e1239c1bb0e04b18f27aabffcd6e7
SHA1: 0c72c4db91b8ae7e10271aece8db7efb5271f8ec
SHA256: 93fc4441b3648a74d3bc72cc5f34ced564ceca74a5e560961178b42a6c8416b0
SHA512: 52d4b91f4610a53ad41e0c73d129b218551ebb70e2162e1c268d84030dc77bc5411926a15fa44ba62f1a93e1c757287c842a217ea25602fac0db157742ee2a05
SSDEEP: 6144:ARv5ZcPe5q67ue+MNhH0X4wz2HA/z0OqysLAilL2hJO5Hp2y9z89S49htWZ1BXtx:ARv5OIbhH0IwzyE8LyspL9z89x+zHFi
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | Lh8t1Mpq7.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs
  pid | Process
  1632 | xIjfW.bin
  972 | Lh8t1Mpq7.exe

Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | Lh8t1Mpq7.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | Lh8t1Mpq7.exe

Loads dropped DLL 3 IoCs
  pid | Process
  620 | Synapse Launcher.exe
  1632 | xIjfW.bin
  972 | Lh8t1Mpq7.exe
Checks whether UAC is enabled
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Lh8t1Mpq7.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  91 | whatismyipaddress.com
  90 | whatismyipaddress.com

Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | Lh8t1Mpq7.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Lh8t1Mpq7.exe
  Key created | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Lh8t1Mpq7.exe

Enumerates system info in registry 2 TTPs 8 IoCs
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | Lh8t1Mpq7.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key created | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | Lh8t1Mpq7.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor | Lh8t1Mpq7.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | Lh8t1Mpq7.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | Lh8t1Mpq7.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs
  pid | Process
  620 | Synapse Launcher.exe
  1632 | xIjfW.bin
  972 | Lh8t1Mpq7.exe
  972 | Lh8t1Mpq7.exe
  1940 | chrome.exe
  1532 | chrome.exe
  1532 | chrome.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs
  description | pid | Process
  Token: SeDebugPrivilege | 620 | Synapse Launcher.exe
  Token: SeDebugPrivilege | 1632 | xIjfW.bin
  Token: SeDebugPrivilege | 972 | Lh8t1Mpq7.exe
  Token: 33 | 2804 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 2804 | AUDIODG.EXE
  Token: 33 | 2804 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 2804 | AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs
  pid | Process
  1532 | chrome.exe (same entry for all 34 IoCs)

Suspicious use of SendNotifyMessage 32 IoCs
  pid | Process
  1532 | chrome.exe (same entry for all 32 IoCs)

Suspicious use of WriteProcessMemory 64 IoCs (duplicate entries collapsed)
  description | pid | Process | procid_target
  PID 620 wrote to memory of 1632 | 620 | Synapse Launcher.exe | 27
  PID 1632 wrote to memory of 972 | 1632 | xIjfW.bin | 28
  PID 1532 wrote to memory of 1572 | 1532 | chrome.exe | 34
  PID 1532 wrote to memory of 1140 | 1532 | chrome.exe | 35
  PID 1532 wrote to memory of 1940 | 1532 | chrome.exe | 36
  PID 1532 wrote to memory of 1132 | 1532 | chrome.exe | 37
Processes
C:\Users\Admin\AppData\Local\Temp\Synapse Launcher.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Synapse Launcher.exe"
  PID: 620
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\bin\xIjfW.bin
    Command line: "bin\xIjfW.bin"
    PID: 1632
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\bin\Lh8t1Mpq7.exe
      Command line: "bin\Lh8t1Mpq7.exe"
      PID: 972
      - Identifies VirtualBox via ACPI registry values (likely anti-VM)
      - Executes dropped EXE
      - Checks BIOS information in registry
      - Loads dropped DLL
      - Checks whether UAC is enabled
      - Checks processor information in registry
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 1532
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6964f50,0x7fef6964f60,0x7fef6964f70
    PID: 1572
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1092 /prefetch:2
    PID: 1140
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1408 /prefetch:8
    PID: 1940
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1776 /prefetch:8
    PID: 1132
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
    PID: 1588
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
    PID: 1932
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
    PID: 2104
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3208 /prefetch:2
    PID: 2248
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID: 2292
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3544 /prefetch:8
    PID: 2380
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:8
    PID: 2372
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3464 /prefetch:8
    PID: 2460
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3548 /prefetch:8
    PID: 2452
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3480 /prefetch:8
    PID: 2476
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:8
    PID: 2468
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    PID: 2612
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
    PID: 2680
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4184 /prefetch:8
    PID: 2756
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8
    PID: 2884
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4420 /prefetch:8
    PID: 2948
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4500 /prefetch:8
    PID: 2956
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:8
    PID: 3020
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
    PID: 3056
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3376 /prefetch:8
    PID: 1696
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
    PID: 2148
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
    PID: 1052

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2fc
  PID: 2804
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads