Analysis
-
max time kernel
127s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
25/05/2024, 01:10
Static task
static1
Behavioral task
behavioral1
Sample
A_Bored_Guys_Adventure.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
A_Bored_Guys_Adventure.exe
Resource
win10v2004-20240508-en
General
-
Target
A_Bored_Guys_Adventure.exe
-
Size
638KB
-
MD5
e8d64c4f4a60e01478ee4743ed274000
-
SHA1
a8cb531195cfd7cc5e505474762830276afa5486
-
SHA256
285f49233b3fe38b081bae7796417c87144e79443dde0701a157f75135c07bea
-
SHA512
a5f713414ff8e519673879e078056e19ac8190851d2ee478396ef581654d1de892f40a017ccc650ff58618ddc776972c5f9f13445c8336adce500afb5a3c5722
-
SSDEEP
6144:yEbaWnBUC5bze1ov2Ms0mtVwsnIH5LkKQgF3:yoCCFe1c2XB6wIHx9J3
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 64 discord.com 65 discord.com 66 discord.com -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AB01FDC4-1A33-11EF-92F1-E659512317F8} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2136514697" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e387b9b7780e241bd4d2d5013251a2f000000000200000000001066000000010000200000003707d732f31636ab175e3387fa22a9905541f244504b8341c7b5127b2e51a996000000000e8000000002000020000000e8b0bfba2aca580913223b307c61f856a563b33eb293eb0ab20dcbbeba78aaca200000000f5bd8dda8a4359eeca647876ac59c0678dd3f71d1d12dbda3f7179ad59b928f4000000063a90f8e38cf372d866bf55df591f3ce631d764a805530997e29adacfe48bec6044314d88a2ed22e8abb2592b213d7ed7d06f6e54a192d4d613b17d0c5435dcc iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f074028240aeda01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a0098240aeda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e387b9b7780e241bd4d2d5013251a2f000000000200000000001066000000010000200000009082c0c9bfbc34a39de7413e89c5f0f05ccf069b2a16d2dd811af54d024a4e12000000000e800000000200002000000081b77d9aa3710f68dacd8166adc5c47b3a2a09c0e2dcaba476874c8c8a3af747200000002aaf0f33914f5330ad66a1fd447393bbc751e0471f3a8dd0711185bb372de665400000006b606cad9975296fd2b937350f771114ff19730bfe95927dd49334ce3656b3e79452df8203d79867a7189eb054566c247aad8ca6830aef388494bf97c6b6f99e iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31108672" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2136514697" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31108672" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet 
Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610730856464489" chrome.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{B3A417F7-3124-4BEE-A5D5-999EE1245D1F} chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1832 chrome.exe 1832 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid Process 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe 
Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe Token: SeShutdownPrivilege 1832 chrome.exe Token: SeCreatePagefilePrivilege 1832 chrome.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
pid Process 4312 iexplore.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe 1832 chrome.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 4312 iexplore.exe 4312 iexplore.exe 1956 IEXPLORE.EXE 1956 IEXPLORE.EXE 1956 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4312 wrote to memory of 1956 4312 iexplore.exe 97 PID 4312 wrote to memory of 1956 4312 iexplore.exe 97 PID 4312 wrote to memory of 1956 4312 iexplore.exe 97 PID 1832 wrote to memory of 1928 1832 chrome.exe 101 PID 1832 wrote to memory of 1928 1832 chrome.exe 101 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 2124 1832 chrome.exe 102 PID 1832 wrote to memory of 5060 1832 chrome.exe 
103 PID 1832 wrote to memory of 5060 1832 chrome.exe 103 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104 PID 1832 wrote to memory of 2392 1832 chrome.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe  "C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe"  1⤵  PID:2276
-
C:\Windows\System32\rundll32.exe  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding  1⤵  PID:3600
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" -nohome  1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4312 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4312 CREDAT:17410 /prefetch:2  2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1956
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe  "C:\Program Files\Google\Chrome\Application\chrome.exe"  1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1832 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9d6ab58,0x7ffcf9d6ab68,0x7ffcf9d6ab782⤵PID:1928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:22⤵PID:2124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:5060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:2392
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:12⤵PID:2308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:12⤵PID:3600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:12⤵PID:1552
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:4364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:4592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:2388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:2612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:2992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:12⤵PID:2040
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:1472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵PID:1484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:82⤵
- Modifies registry class
PID:2020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2944 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:12⤵PID:4312
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"  1⤵  PID:1752
-
C:\Windows\system32\AUDIODG.EXE  C:\Windows\system32\AUDIODG.EXE 0x484 0x300  1⤵  PID:4592
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5 a75e18dab92df16602b0cef3fbf040cd
SHA1 beccd921f4532e1be3b38e262cba44687ef09506
SHA256 e15818b2538668a6b27ecfcb4b9abbde89c295cc4b11c42374a6e3ab97b3eb02
SHA512 4881c34712ba33efc406a66daabf978ffcc3c4f1a31196f24f7f484a157f4ea1b8edbec3347b5636bdbb91dc32f33458d3af73abaf358466e8acf3c2d6cc85f2
-
Filesize
2KB
MD5 ab2614b82e2efc2f37ffab152e7f2539
SHA1 90b837c0735321b6a304a55a69a9751c98a1430b
SHA256 55be82be9a1ac355049c88b6a75ad213e7a7b818a92c84b4fb2e4173174af299
SHA512 2a4bda2d70d9136d40bef17f74dd3a44b98659f7b89f2b6c197e9d8d377ac5e316edaa5a861a9b7dbfa22b0eca3aaf4fbab6f66f4d944ef690627c7a1eaf03cd
-
Filesize
4KB
MD5 eb5480f28414d96142749b179cc2fb79
SHA1 894840312b94ae2bb2c4264a29472ab13e0a8578
SHA256 7856230815886dd3287d1f46fa41213c7fac0b53c2f22e65a10bfd07e130b1f5
SHA512 ef3860f116ec0711c02bb990b353d643ddc396d1b14d71e003fda15c9fa66c428fac06046f0bb3ae0b9c0c59277388e6aa08f59665cdd25458d2094a136a5382
-
Filesize
2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
2KB
MD5 72093c4d0373b0f60989800ce06ef544
SHA1 0480d35320f5fe48ce17fd4518f4ded2a608c588
SHA256 278f1dde4b1f96ab611dfc440c5c15451cc2d91da3448d3abd18804c4329393d
SHA512 236e5058e0a5d937b097fd4f8c519c84665b3570ace85ef3803e66605e18164f9d486e227e89c125396c67d86c478319479e686a6ca1bd15f1b1070e60dc989d
-
Filesize
1KB
MD5 81d915319085d34e11e17c8e2c065a7d
SHA1 ead7638aaccc75f625bc4de568a54382c4b2ad33
SHA256 c73ea4811dfcb6e1d08fc695442c4319080ab1311cf27eebc094670d5b9f26a8
SHA512 bd7df44487b197fea1b4e9bc3163c5b5ec2ca1f9bed314d8846f36e90fac53e521ffa359e535f902b28743771509feb09c6dd4e4219b50ee03d309090d9bd992
-
Filesize
1KB
MD5 a8ecef6d2b90287d8b7cc5036342e8f9
SHA1 27fd3f2dc6674a8ac087f8c5e276659e15f93486
SHA256 75b652aea049488c6fc3b66e1d652d74d9377bb2f4c255dde2e80551afcee254
SHA512 c15ba657442a7768134945042aade7739df48ff153dae9c570f0f7a64c32904948221c9757d67526d17013b300bd88408a8cb6a113c55639355e2de8980c9441
-
Filesize
1KB
MD5 164be9506fe608a99d132b4a9dd33bc1
SHA1 074ac4c767be45363cea779e39dd3724fb75ac83
SHA256 5550e700bab3cd2313b381829d96b8d581fe9066a673a5ddb4e43de4f7074616
SHA512 6e6257a84e9f8bff107d085fc91bcf07c6e1ef4bf495e7c19e4eb6ae0b7eebc2d527bec02ec090000d617c9747150cb55cd369d9f5f8576589145f85dd4b0bdd
-
Filesize
2KB
MD5 a0079a74343b3f9bcf8d8f9ea80d78af
SHA1 3153b70d21b54bc9f4c48ef48160dd06bd934713
SHA256 063cf05d1fcc1a704577f0e36a008386c8fd4e1b1a07eee7eb8ebdebdec8551a
SHA512 6adde41e1661aa272d360433bdfe181c81174217613772d5fdddc49f883240020d11d01fdcdff657642882718d5e5cfd70f4ce5e807ffb5046e55f3a04121a8f
-
Filesize
2KB
MD5 2397920f033aad59a961df57cd20f430
SHA1 269734e81e8dfc0b8a07a198115b19f62f0ac090
SHA256 a859db109b25721115d02555319708372fc71693552eed18c9bfafacf0f91c52
SHA512 cd8408b80296e3d8435ab95bd0ec73296730b2f033245f77cb2558425a0d35b1a98457e46d581e93e2f3c48838a168a2dd4cf6321e2bc23d342254a9100f35e2
-
Filesize
356B
MD5 b5dd276dd7afeea110dd12d6b40eeb46
SHA1 f90aee2d680d4d2294699fb16f572150f0fce34f
SHA256 ddebf07baeb6648f4d2cfe6cfda3b79e030e1a05fe5bcec846fe4f0e52f93bf1
SHA512 d27169bd7ce9e4b0f89fc86780f7153a1bc57434fa829ce54283ab3c2ae2741d1f94b7c91938914d6fc3502d611275f450fc1aa041765fc2bbbe8ee31025503a
-
Filesize
6KB
MD5 9bb57120d92e117d9ebc23b6f34a3a3e
SHA1 3aec12360355a3b1ed755dd8d49a8b7b1c47d678
SHA256 d817edf7411662fb49922d4b11b01cd924e71f650ee0f843f395f116a23bfa15
SHA512 f1d1661b8790bb8ab555219297b50bbc7f85c30b7f0066ee3d8ddd1e07f1a0e09bb4b6c7e0157138866d3b231b82c7bfd95d3559d5a18689651f72a1b82f6d83
-
Filesize
7KB
MD5 00c70858b68a63cc02e252a8a5fc585a
SHA1 985e00233471c2a12924396ffb74e201179b3693
SHA256 c1fcebbdb1f1d4413fdbb8bac2eba4dc3f6fb2a0476cbc06ed9ecff3185003e4
SHA512 09d8f60aa6ca5f2cc1384bb451d08c45c2d6af692c818a545b665b6bd06dc4ff45453d0600957218d0564ae1880caf709c82a316ccf27eb4462a1c31a658c8a0
-
Filesize
7KB
MD5 749504cc570e6e9d8c137fc27a2650ae
SHA1 c52f9f7e4a94b873115d021b5aeaa202f469e81c
SHA256 39e9fbbd2c9c5bd8b3fea91c7318177606d48233b1ab9edb3f0d621fad1503c4
SHA512 fc146aac821d6083160acf122cd0c26bd09b13c785104dd8485fdd83dd7c8367d4d30d5507f643f5c534aad55fa5c6b99a012ec89a914bf89eeaac73b99e8e72
-
Filesize
16KB
MD5 dc83aff873a02f86824f3c53032b4ca4
SHA1 553681e7fbf54af8e7f2f0babab5adb32415a9f7
SHA256 d78b899b6060b677ec5a5f553e51b2d9d006f96e12ad462f6300e13e1f5502cf
SHA512 0f3abe63221fe5763d69030417ff9a2393cb0d1911fac103f2fce4c1047fd361c813b5b9622b3f83f8f56a7defe205652594b03907ffd6b085e612535ea18661
-
Filesize
260KB
MD5 88099c368b9980cc7d1301b1d771c080
SHA1 6397a0ed57b2df9b55c84ed54da9468747ea7717
SHA256 f803346be062baf86bfb3ae9b246dfddd1dd9852bb94fca80ebcd2bfc7f77a43
SHA512 e16e0bc8f90f985a262b51bf69fd8f6c34ddd5c14361b0b1a2508b850a08b5a9c210454be2794a7bace165f7a7c9e021c54387c7d20a0ac7983174c7381d169f