Overview
overview
7Static
static
3GDLauncher...up.exe
windows7-x64
7GDLauncher...up.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDIR/app-64.7z
windows7-x64
3$PLUGINSDIR/app-64.7z
windows10-2004-x64
77za.exe
windows7-x64
17za.exe
windows10-2004-x64
1GDLauncher.exe
windows7-x64
7GDLauncher.exe
windows10-2004-x64
7LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1chrome_100...nt.pak
windows7-x64
3chrome_100...nt.pak
windows10-2004-x64
3chrome_200...nt.pak
windows7-x64
3chrome_200...nt.pak
windows10-2004-x64
3concrt140.dll
windows7-x64
1concrt140.dll
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1icudtl.dat
windows7-x64
3icudtl.dat
windows10-2004-x64
3libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1Analysis
-
max time kernel
140s -
max time network
165s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
22/02/2024, 17:44
Static task
static1
Behavioral task
behavioral1
Sample
GDLauncher-win-setup.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
GDLauncher-win-setup.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app-64.7z
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app-64.7z
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
7za.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
7za.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
GDLauncher.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
GDLauncher.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral17
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
LICENSES.chromium.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral19
Sample
chrome_100_percent.pak
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
chrome_100_percent.pak
Resource
win10v2004-20240221-en
Behavioral task
behavioral21
Sample
chrome_200_percent.pak
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
chrome_200_percent.pak
Resource
win10v2004-20240221-en
Behavioral task
behavioral23
Sample
concrt140.dll
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
concrt140.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral25
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral26
Sample
ffmpeg.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
ffmpeg.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral28
Sample
icudtl.dat
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
icudtl.dat
Resource
win10v2004-20240221-en
Behavioral task
behavioral30
Sample
libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
libEGL.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral32
Sample
libGLESv2.dll
Resource
win7-20240220-en
General
-
Target
GDLauncher.exe
-
Size
142.0MB
-
MD5
51dc199e41223520217f34624b276e18
-
SHA1
0ce3f6b9a26759b21a23bf25ed34b1b7ce624295
-
SHA256
0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50
-
SHA512
c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c
-
SSDEEP
1572864:Zx8e2z2aMcuE5p9vzLECsyP2d+J/AG8TQX60:vLabp9rY/W6
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation GDLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Control Panel\International\Geo\Nation GDLauncher.exe -
Loads dropped DLL 2 IoCs
pid Process 1676 GDLauncher.exe 1676 GDLauncher.exe -
Modifies registry class 7 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open GDLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\GDLauncher.exe\" \"%1\"" GDLauncher.exe Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher GDLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\URL Protocol GDLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\ = "URL:gdlauncher" GDLauncher.exe Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell\open\command GDLauncher.exe Key created \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\gdlauncher\shell GDLauncher.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd GDLauncher.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1676 GDLauncher.exe 1676 GDLauncher.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe Token: SeShutdownPrivilege 1676 GDLauncher.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 1676 GDLauncher.exe 1676 GDLauncher.exe 1676 GDLauncher.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 1676 GDLauncher.exe 1676 GDLauncher.exe 1676 GDLauncher.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2492 1676 GDLauncher.exe 27 PID 1676 wrote to memory of 2424 1676 GDLauncher.exe 28 PID 1676 wrote to memory of 2424 1676 GDLauncher.exe 28 PID 1676 wrote to memory of 2424 1676 GDLauncher.exe 28 PID 1676 wrote to memory of 864 1676 GDLauncher.exe 29 PID 1676 wrote to memory of 864 1676 GDLauncher.exe 29 PID 1676 wrote to memory of 864 1676 GDLauncher.exe 29 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30 PID 1676 wrote to memory of 2176 1676 GDLauncher.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676 -
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:2492
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=1368 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:2424
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1580 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
PID:864 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"3⤵PID:1288
-
C:\Windows\System32\reg.exeC:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid4⤵PID:1728
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:2176
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2288 --field-trial-handle=1152,i,13365247124713921637,6696972492121507267,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:1584
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize230B
MD527fcd4a9815d29710da0858d61d3716d
SHA178a12995e6da52af70ff96b475b39d771ec05195
SHA2563b80ac7181ab41c1288e6f3c86afbba691066e9a53f5b67d62c33d8c66e00065
SHA512cb1aa26c4bd17ffd46c1b951c6a7aebe40b328304a8cd2c723022ff2e0be78ec864e2735beb9e72afb1fc7752252c34940b7554e1032325d0c26a7381e78097a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fafb496a92a4d39680e0f23c9fb30c79
SHA1296c289236b16d6be3569ec2fb3c2a663dbb7bf1
SHA2565d13e7866f13ede1ad66f77844387b0f4b981a7d9c048c4944dfde9f920cd75f
SHA5122321335f937f399b8c285470cacae62cf6048eec926c0010b6e81ba2fe0f2c35bc5909834b3c2339f4e430a5dfb0546df8998b71b20aca83e8e1e8b313ec0b1f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58820527c750a89234a78f7e24e22adff
SHA1d82881fa3418c373061ef57cb6cbc333367c49af
SHA2564716eda216ef8e8bbf9de8c008ce08cca38f38e701f8107b37682e6f43ff011f
SHA5120c444aa817254a4f1202f1c5cc97c9ad7b0b9885998a05a82a20d058c410cd99126e2f86a2cc6c92aa2814a07be0c9b94e59bcbcd4086af3052499a8d995673e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f4b549cc69c12a6c3a7a4646fcc33873
SHA181cb9a62a21bc975e3cb890411102edde1056da3
SHA256e49a62bb42a8fc00e7f5d8808e8e9e41092c0fb393fbbfb294e686f037b1def7
SHA512b8f5a008b970ca50d9cf8f4f35878d321057dba561c6e696f053bd29c05f0745fc4e0bd1e70a333e537c0b3523aa2b2e683157221060b2212942e952ecd42385
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a695cb857d4ad0679bbd7f790dfb528c
SHA1f77ae279bd4835429d41c52d8d57ea1a0e3d50de
SHA256839bc3db290024cb119bf96e7403936eaa139c246df9c511fa9b863fa316a2f2
SHA512e4cef7305ba1128d3f3aa3e472d2f4414e5da61697ea8abac82c30e75f4da80ce86dfa87a4077b3c81eb25fc7fd22998c1b9571004af098f8020e893f7359883
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5732ed1744e4c924a6c8394e4fcab1a37
SHA1c0d9f34c14f89247c3efe6a5c3a3b527bdc8f5e6
SHA2567af8400d46b4cd21c5c7e7ca6f5255e3b22ec8ea56286afae02d560331e77809
SHA512e7a3ae3865f73258f08e3a9887b347d70501abd6986d54eb6e47b1b03a10a4211a11817c3d34abee7a325adf0bc35440954ab3c173321495e4ac8d1650659369
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52b88c2a18494781f867b93b8eaddd696
SHA1512518301716fa9efdfa91e21e24de6f3e2c9bdf
SHA25687b6b28145c35e77456f9d7f7cd2cfcc34bd187706eee3e35a1681b9aa0d801e
SHA512ebe80ba9d77aa8e490729ef73b2dbf8c6b38537650edde75551a7fcdbca60b2349f1494932b2dee55646072b75cf07a2eaa57b2c9e4ca287d7c81272eab1628e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f963a40bed8a8f8ff151a70d3aebb198
SHA1239a03f4fe1156ce4ab8dc5cb2047ea51cdfbcf3
SHA256d2e69bb34974f207dcc13914a6f36ec45b4cc42fe59ce85ededeed4b5cbb2047
SHA5126f00e57b73cc3449d54ddc2cf76147a160e6aca55befeb4577bdaebad9c9fef39e42ade634acf9e9c877d175fd664ef9b4fb4250f8ff708c0137ec3c45feff62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56a8626c609a34af034cdbe7a16f86d8b
SHA177ec00b381f30c8c1b4fe7af5cfe12621b284e2d
SHA256929d1ce62d7d8b3c35d6590d94c1f92dd75e927756739db1b00431f5a9c0a016
SHA5120f46c80ff730f9255e36a4a8d8e995fe131a644d7186b65ae65302b6a14792107f2edaf1f86e2beedbcac25cc97eacf5ff78be31789aa61164790261c22e132e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5839d4437de9ec674838a04e61a9b59e0
SHA1261ea9306c57e9fd0fc16ee6e2373f15caa4a7f5
SHA256a64c7bd674b78bbd6e51999397f21825eb9bffe81f7297995b9b8c198fa7a8e6
SHA512c69e55a410548d8a4e6fecde3c4b9c5e4133970c73041bbc0077f6a4ffbf5d94a61902930ca0551236d5ee8436c83cabc27fedb61860384668ab6ef3c7b5ea04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5500cac0b32b7e58131edbe0d5f780186
SHA1aa61d1680f36dd7bbd33cec6b5b4e0717dc63d63
SHA2565ccd0cc19926e2414cb90ead1967bc046f835c9da0479bd2772d3bf5b1db7f7c
SHA5128cd2dea1302b2bbc7018655976564e069b43827cd2d10c7628cbc85f929ed968c9b0afec95d974f67e7bf49c4b69068a3b993b98818ce763ac94b7e06bbb113e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d47ae6f668c020565ac24a11c751f710
SHA12855e045ac0a59b3c2dab12d4646e95d368a5ddf
SHA256ea119497c35cea84d4efd6097926235edab52eefce8a5c30482076e1e716d122
SHA51255da8a08cc84c1a00845ed0342e378b46711590fc8a9d8bbb7182e89df2b2d3a3db77ab6681d5fbe9bdf456e8ad8c5f837b711979d5feb76b43b6525337a6320
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cf4b496f78ac5df5066e12585fe64a27
SHA11724ec43429ff5ea2d24af38b5f2acd75355b697
SHA256de14ad37ac82b22b5abfba531873af23503948ba40c340db2d7c552abaf54f9f
SHA51251488fe5a9a291e2fd7e9a7a6595420ee7297186a4747bfc1c52c0c7d4708796c0101f2d6da86d0fbf0fc23fe5595dd3b881be9d27976de5fc72902cc3610e24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e24f6229c803774344ee4fcae5ca2963
SHA1d79a17fcf8c57b2647ad222f846afe62dcff128b
SHA25685209279a8c447ea1bfdbc9198015c742e95ab0fa75ca0229616a1c7183dffc6
SHA512f8a9cbb65b1a7a9bbd66aae2a1c19f44ad27d2671a0e25323acc19418b6e63e2694063b5cba72932844c5c252abc967cf6cc2e225caa172d39e8637eea253e73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fcae8f6e80d4ec221f71e67f01ddd6ef
SHA15d97599b92b621d59b2d85e1351095448082588b
SHA2567a0c3278fd18fe21d6e709abb31fea542d51d5d480581897e0fdbe87ce10ff04
SHA512cd8219254e16d004a93689863169123eee77fbe5d797ddf307c889a1c033154392e98a22b7d1c8e60d907d06f7ff9d7f38465f51689d4c18e7025c8d48500288
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
Filesize
441KB
MD54604e676a0a7d18770853919e24ec465
SHA1415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA5123d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
281KB
MD54cef69a682d9b896b4fff99fca80a08a
SHA185fcae77830c3e55badfac97badc97ee53d5ada8
SHA256bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738
SHA512cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587
-
Filesize
495KB
MD5be94689f0cf2f4e36ef77fff3b573460
SHA1f7187d89237506e6f50db5418c25b79cd1b3d271
SHA256a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f
SHA51283078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5