Analysis
- max time kernel: 152s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-02-2024 19:04
Tasks
- static1: static task
- behavioral1: Launcher.zip (resource win7-20240221-en)
- behavioral2: Launcher.zip (resource win10v2004-20240221-en)
- behavioral3: Launcher.exe (resource win7-20240221-en)
- behavioral4: Launcher.exe (resource win10v2004-20240221-en)
- behavioral5: d3dcompiler_47.dll (resource win10v2004-20240221-en)
- behavioral6: libG1LESv2.dll (resource win7-20240221-en)
- behavioral7: libG1LESv2.dll (resource win10v2004-20240221-en)
- behavioral8: locales/bg.pak (resource win7-20240215-en)
- behavioral9: locales/bg.pak (resource win10v2004-20240221-en)
- behavioral10: locales/bn.pak (resource win7-20240221-en)
- behavioral11: locales/bn.pak (resource win10v2004-20240221-en)
- behavioral12: locales/ca.pak (resource win7-20240221-en)
- behavioral13: locales/ca.pak (resource win10v2004-20240221-en)
- behavioral14: locales/da.pak (resource win7-20240221-en)
- behavioral15: locales/da.pak (resource win10v2004-20240221-en)
- behavioral16: locales/de.ps1 (resource win7-20240221-en)
- behavioral17: locales/de.ps1 (resource win10v2004-20240221-en)
- behavioral18: locales/el.pak (resource win7-20240221-en)
- behavioral19: locales/el.pak (resource win10v2004-20240221-en)
- behavioral20: locales/en-GB.pak (resource win7-20240215-en)
- behavioral21: locales/en-GB.pak (resource win10v2004-20240221-en)
- behavioral22: locales/en-US.pak (resource win7-20240221-en)
- behavioral23: locales/en-US.pak (resource win10v2004-20240221-en)
- behavioral24: locales/es-419.pak (resource win7-20240221-en)
- behavioral25: locales/es-419.pak (resource win10v2004-20240221-en)
- behavioral26: locales/es.pak (resource win7-20240220-en)
- behavioral27: locales/es.pak (resource win10v2004-20240221-en)
- behavioral28: locales/et.pak (resource win7-20240221-en)
- behavioral29: locales/et.pak (resource win10v2004-20240221-en)
- behavioral30: locales/fa.pak (resource win7-20240221-en)
- behavioral31: locales/fa.pak (resource win10v2004-20240221-en)
- behavioral32: locales/fi.pak (resource win7-20240221-en)
General
- Target: d3dcompiler_47.dll
- Size: 4.7MB
- MD5: 1e2f4329fa2e58be78f5fcde2aeea167
- SHA1: c2ecb4d0542c49d9e906d6173f77349aaa4749a6
- SHA256: a92f3bb1a4d846b38e8422d7c492f638e6bf47081facbb22c92568118938d5ce
- SHA512: 8ae9b45f7427d83b5fd0afa49c920f79fc071f362dab0a4ef72be0fd19f5243779f071d762a66ffc2180121ded618e571470d3eabbdcf21b4125cf0b04ea62f3
- SSDEEP: 49152:3uhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccG:ny904wYbZCoOI85oyIV
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533615555716425"
- Modifies registry class (1 IoC)
  Process: chrome.exe
  - Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{EFA6E221-77C0-42D9-882E-99165365A075}
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Process: chrome.exe, PID 4788 (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  Process: chrome.exe, PID 4788 (5 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Process: chrome.exe, PID 4788; 64 entries alternating between Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Process: chrome.exe, PID 4788 (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Process: chrome.exe, PID 4788 (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process: chrome.exe, PID 4788; 64 entries of the form "PID 4788 wrote to memory of <target PID>", where the target process is chrome.exe with PID 3856, 4828, 2632 or 3364
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
  PID: 1668
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 4788
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8f259758,0x7ffc8f259768,0x7ffc8f259778
    PID: 3856
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:2
    PID: 4828
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 3364
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 2632
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:1
    PID: 1280
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:1
    PID: 2888
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4768 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:1
    PID: 2528
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 1444
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 468
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 2756
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1708 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:1
    PID: 3616
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4604 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:1
    PID: 2368
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 4476
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 1876
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1880,i,15704521134548575727,16250482777256528611,131072 /prefetch:8
    PID: 1836
    Signatures: Modifies registry class
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4984
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f0
  PID: 920
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\260199b6-c286-48de-b1cb-db3eecb7371e.tmp
  Filesize: 6KB
  MD5: f2ac5500440a337f995b528b439e61a3
  SHA1: 1fceaac21f1d421b98e68c539397633f56f908d7
  SHA256: ea1dc4f4fa56a6d8a3f461f2c59824eb93ee39756dcb3d1809e5da46537e929c
  SHA512: 57fd197b160b1dced99f620544e87ff5d7897a29eec6edf6e6697c3fdb7efd351ca815e40b35afe08d54ba77f9a3b6c15ed5ac652addc5b21a1fb6c5a29fbed6
- Filesize: 1KB
  MD5: adac5e956c5514618b859415a0f30596
  SHA1: cc286335a84b9c97b0407b0f8428f6bba5fdbce1
  SHA256: 313d4db751586d4f0f1abfe16700b53fbe4840802596a5ffa44297e9eda8876d
  SHA512: 384f9fc9f160e8a9549a6c736da79a53b70f894b972d6c3cdc498ff322f3ea0d684ad61d9d009fe60ca501cf486a221e8dfb54cd71061b4f39befdafb265193f
- Filesize: 371B
  MD5: e295267d850fafebcd545d0e268e407c
  SHA1: 7480fadc09b9a187b25fb489cf12ac63dd9213b3
  SHA256: 35f361f2ac5a546988cf5fed7930158c8dbea2ea41e2225d47753bd7a24c46db
  SHA512: 9bdfc227e38180373d58b78364cc0af06855108d1107bb97c4099bb6ffc88f27df1027aca31a80d1ee7768ea5f24853c59a76820f8fa7c794592989384c7da02
- Filesize: 874B
  MD5: aa8e4f493e4b02ef5464c742f95b816d
  SHA1: a8552e286d40b8ccbdc6629605244ed76164085e
  SHA256: b7e892035c9c3527a8f2a2d6678de5c970baa544f9d750b6313e995117d58932
  SHA512: 0fb4b54e59db5d8ad2938095eb3fc3a3eacbea97f2561b83e2225b5d09037c9989ecaaf8ec3f7bcc590a68de465249f5e9e8e52485e184d557df1f151bd00b58
- Filesize: 6KB
  MD5: 2ea326e1ef3af4160e241ba2c9e911b0
  SHA1: babb134e406287a1a7698773b6fa660fb5620760
  SHA256: 88c55555d03bb39b22715fc190f44225bff329fac4bd94e5e656be5c30a327c1
  SHA512: 9a180cd6f68831499db990fa9443eff48b30c81eb9cca6ec96e6f21e0fcabeb987f3804a262410d9da8d67e4b0cc7183629a76273010ada0bf8b3a4dbf7bf002
- Filesize: 7KB
  MD5: bcd6f0ec63c6f9efc3cb0b03b2985abd
  SHA1: 83c7befc3be75a0203fd402854252c5889f24978
  SHA256: 09352f0f6e6da47cc2f26e37b8398288191f35592a83a950aa14ec738d6c5abb
  SHA512: 4401a7c1f62fa1dfb6e7f3dba8e677f7e0553c1a8a51232a02871415d92c00cbcd788af944aea66863a427e49249c9b03c9b7e189d0749fbd6fad050dea708a8
- Filesize: 15KB
  MD5: 35a77cbfbeb649c8f10c11a981e15a81
  SHA1: e19c7e6cfbb74d51f8a1e446917a72bdd47aa0af
  SHA256: 0b0350231c06687e2f80c722b6aa64c80cf9756a549b388115cedae745b9791b
  SHA512: f8d8ef86e477c7b418730af4155b6d6106cc6450d565ecfd8dccca684afc8ff0092c7f77ca4656c147067dc487368b7b417cfc03dca7db0a7534f15d16eca37a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 176B
  MD5: 1fe3b247cc797b951eaf6200445a4f6a
  SHA1: d3761245b3db9e038c40821c48b60288971e772d
  SHA256: f3d0a9be74863fbc44b4b44ec890a0d4a44b24ea95f3a096281284491357916f
  SHA512: 656059b65a6fa3de330adad39b3ba929b2a4b7e0be462d7a4d182d6231edf9d089b8f3333a53d77efdd2399ba3270682f20cd1b02792eb5a2d08f428472523e5
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 112B
  MD5: 413557aeda97729d270b2e676e0a6fbe
  SHA1: 303f9149f8abf2aef795b0a777b50bb21e2341fd
  SHA256: a2780738f53efe0fb94cbe0a3de5f2c85ff3085a4854df1f999ca9ee05e20eee
  SHA512: 1b5d8aaa9941cd31ef1aa4a910bc6637a7c4cf1484ba4fb798294bb984b569c36f7f962b3c4d62a7891d219c50e0a6b2bf2dec1a2eb508684f8875ee7c7e603a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59af41.TMP
  Filesize: 119B
  MD5: 4b3117b681836954078b71fb133dca83
  SHA1: 2847cdb3874ba7bafb6b89268fe102a9b3f8629b
  SHA256: 6dae31ae8f5395b5d2470ca74bea7a98d9b85440623d85488c9bff97203fc0c1
  SHA512: 6dc237baa6845f9fec9f8b91e47e1e6a630f215870193cca98aa61bf9384808bae2566dd337a1db5b9c93b0fbf7748e2beb1fcbf066a95d31a5916075f35653f
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\1\512.png
  Filesize: 10KB
  MD5: 7f57c509f12aaae2c269646db7fde6e8
  SHA1: 969d8c0e3d9140f843f36ccf2974b112ad7afc07
  SHA256: 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
  SHA512: 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4788_1759199787\Shortcuts Menu Icons\Monochrome\0\512.png
  Filesize: 2KB
  MD5: 12a429f9782bcff446dc1089b68d44ee
  SHA1: e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
  SHA256: e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
  SHA512: 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4788_2344300\Icons Monochrome\16.png
  Filesize: 216B
  MD5: a4fd4f5953721f7f3a5b4bfd58922efe
  SHA1: f3abed41d764efbd26bacf84c42bd8098a14c5cb
  SHA256: c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
  SHA512: 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691
- Filesize: 257KB
  MD5: 3990227605365f4de6a06d242911fe74
  SHA1: f7dae2d381fbb4f70b43bc1b7f876989debe6dac
  SHA256: 20afe96fb362e40149f8cc5fe713b629db22b001f49525f9db81e3529c8765d4
  SHA512: db5dbfde2b4592336ba2a134ee5c99316f96c68d2d2652e6869134bd8f03b1cdc5030233cc903b7f2886121ad3e64673bdd14de2c3899c6b898db2a059c5a4fe
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e