Analysis
max time kernel: 41s
max time network: 85s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 18:42
Static task: static1

Behavioral tasks (task id, sample, resource):
behavioral1: Loader.rar (win7-20240611-en)
behavioral2: Loader.rar (win10v2004-20240611-en)
behavioral3: Loader/Loader.rar (win7-20240221-en)
behavioral4: Loader/Loader.rar (win10v2004-20240611-en)
behavioral5: Loader/AntiCheatDisabler (win7-20240611-en)
behavioral6: Loader/AntiCheatDisabler (win10v2004-20240508-en)
behavioral7: Loader/GameCheck/GameInject (win7-20240508-en)
behavioral8: Loader/GameCheck/GameInject (win10v2004-20240508-en)
behavioral9: Loader/GameCheck/GameMenu (win7-20240611-en)
behavioral10: Loader/GameCheck/GameMenu (win10v2004-20240226-en)
behavioral11: Loader/GameCheck/GameStatus (win7-20240611-en)
behavioral12: Loader/GameCheck/GameStatus (win10v2004-20240508-en)
behavioral13: Loader/GameDetect (win7-20240508-en)
behavioral14: Loader/GameDetect (win10v2004-20240611-en)
behavioral15: Loader/Launcher.dll (win7-20231129-en)
behavioral16: Loader/Launcher.dll (win10v2004-20240611-en)
behavioral17: Loader/Loader.exe (win7-20240221-en)
behavioral18: Loader/Loader.exe (win10v2004-20240508-en)
behavioral19: Loader/Updater/Updater (win7-20240419-en)
behavioral20: Loader/Updater/Updater (win10v2004-20240508-en)
behavioral21: Loader/Updater/web.xml (win7-20240220-en)
behavioral22: Loader/Updater/web.xml (win10v2004-20240508-en)
behavioral23: Loader/config (win7-20240611-en)
behavioral24: Loader/config (win10v2004-20240226-en)
behavioral25: Loader/mainf.dll (win7-20231129-en)
behavioral26: Loader/mainf.dll (win10v2004-20240508-en)
behavioral27: Loader/mconfig/config.xml (win7-20240419-en)
behavioral28: Loader/mconfig/config.xml (win10v2004-20240611-en)
behavioral29: Loader/Password.txt (win7-20240611-en)
behavioral30: Loader/Password.txt (win10v2004-20240611-en)
General
Target: Loader.rar
Size: 3.8MB
MD5: 5e3a0bd1b8b4f6fc78799640a591854c
SHA1: 3cb646c96028a95baaf9544ca118d38edf8142e2
SHA256: d53ec75650708643ffa5b731782adfd3e3cf910142510e290dd6c8e6ca403001
SHA512: 8e43b5f4769db9ea0069ae591282ebcd89d5229e210f3374c5fa9e6cd507fb4939f89873efb7c31be021b365e9a4a39f6131583e72eab751bfe64005d3ce7719
SSDEEP: 98304:++Vnp8HuN4umIeUr8A6dIoYzMl+/lHOlmvLYdZEyE:fpeulevALXZlI8GZEyE
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process:
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe

Modifies registry class (2 IoCs)
description / ioc / Process:
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings rundll32.exe
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings rundll32.exe

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid / Process: 2936 vlc.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid / Process: 1648 chrome.exe (x2)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid / Process: 2936 vlc.exe

Suspicious use of AdjustPrivilegeToken (24 IoCs)
description / pid / Process: Token: SeShutdownPrivilege 1648 chrome.exe (x24)

Suspicious use of FindShellTrayWindow (38 IoCs)
pid / Process: 2936 vlc.exe (x4); 1648 chrome.exe (x34)

Suspicious use of SendNotifyMessage (35 IoCs)
pid / Process: 2936 vlc.exe (x3); 1648 chrome.exe (x32)

Suspicious use of SetWindowsHookEx (1 IoCs)
pid / Process: 2936 vlc.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description / pid / Process / procid_target:
PID 2700 wrote to memory of 2604 2700 cmd.exe 29 (x3)
PID 2604 wrote to memory of 2856 2604 rundll32.exe 30 (x3)
PID 2856 wrote to memory of 2936 2856 rundll32.exe 32 (x3)
PID 1648 wrote to memory of 1112 1648 chrome.exe 37 (x3)
PID 1648 wrote to memory of 2032 1648 chrome.exe 39 (x39)
PID 1648 wrote to memory of 2092 1648 chrome.exe 40 (x3)
PID 1648 wrote to memory of 1332 1648 chrome.exe 41 (x10)
Processes
(indentation shows the parent/child tree; the signature names under each process are those the sandbox attached to it)

C:\Windows\system32\cmd.exe (PID 2700)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Loader.rar
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\rundll32.exe (PID 2604)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Loader.rar
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    C:\Windows\system32\rundll32.exe (PID 2856)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Loader.rar
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      C:\Program Files\VideoLAN\VLC\vlc.exe (PID 2936)
        Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Loader.rar"
        - Suspicious behavior: AddClipboardFormatListener
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1648)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1112)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6739758,0x7fef6739768,0x7fef6739778
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2032)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2092)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1332)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1512 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1988)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2072 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2044)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1624 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2316)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2696)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2516)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1364)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3832 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 388)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3876 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2096)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3016)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3892 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2144)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3596 --field-trial-handle=1276,i,13812515407232750411,16890709753025745139,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1944)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: be2338b462cac3ea28cfa28ed41698a0
  SHA1: b0dc3c4a21b3132d2414e26b0f8906452c151f33
  SHA256: bd823a4e39d86995342bee59a72f8de0514ebf78b52e77c076239d3adb235d4c
  SHA512: e4c240b9939ca8025d46aafd76afa8b28720b9b4d0421e5feb47219f04c914a96666f8f508345296252c2805ef53097d8f2204f6802e1dbddcef7a02019188ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7a45f8e47135ca2a5195935b881bde69
  SHA1: a1a2ccd425abe7f5b990257d0781afa100a97acf
  SHA256: bef810124ce0b05628c437723ca0437016053176996b86921de0029045c9a622
  SHA512: 02f3fefc179b066cf0160a76b4325f39e369eac08453a6bee080ce82d5547afc1445438bd2b5087c196d229234d354fdd7873f020ec0f50776eacbce1c9454aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 12af6338923afaf932e46bf03a06f9c3
  SHA1: c6d754fd122cb611d22821513f8aeb218161b359
  SHA256: 91454ca08fa2caef28ef54baf15ed90dbba43d6d6648ae3edcb3c39bea4178c2
  SHA512: 052cdefb85d9b62c191a1ba35bb657f9dad8e23283f751749ebd9c3af8dcee1dc0f83c0540a845265901ee27de1d14d32a1a95d28af8af33a17401c97e186a27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a30b03824c0d2224e13d00e30a1cf8c2
  SHA1: 7ef4b4c954cd991830f6960af8f9ef08123298ef
  SHA256: 6d802a4803fbbdaaeb9ca27e93b7d08f2f49398e6ef4a0692e07e28e05f4b5a5
  SHA512: 66b3d5cb91236373b45ea0b433f06fe048ab3b2eea1b2c9486c4cfabc91ac0e548ffc34164732c00802e0715ddd728def0dcbe2009c96d32a17fda1296c2bd6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e99f2da868ea9920d4108aac840e4763
  SHA1: 02f3b138922322b05b7a10c4d305a56691803960
  SHA256: 183333f00e36dcbe355785e48d15d8d96b7209599e9209acc2a6f0cb269fdf11
  SHA512: 50a5d908a009099bbb45180eec05cb9ed7124c9ea343c8030c381b693849f3641ec86c3d33094a22ac60b37207dd108d751e0aec4464dcd61cb6ff06c530142d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fc29825f28e6fcfa0370dedbb85b9a65
  SHA1: 41f898e884ebecad9ac4eca13b605f591f803c92
  SHA256: dafef50d1614aa920336555e050dbcf76ce1946c631d68ba22c2bab8df028a20
  SHA512: 91626c5abb2b3bdf6fceed0966d01705400c200784154988e39410ca5e1b7bc06772435e8e67af89194360b2a02abe629023ad49befa42b3338bbf6d43a3f4c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b826584260cd3343d1075d60703c14c4
  SHA1: a6eb9042e5c5a4cd7580f55b97069faf712a4930
  SHA256: 5dd1f41eb28a1140096267edc0c5b3e728a3f65f262ace68f4fe377cc94daa47
  SHA512: 3125c8e8472706c1747cf106fbb996eb1d55763bcee8ccbb3d7893b1f7e25ff64961857de80c18f6c411ca1d464b067915a6bb754cb30416cf28c379a8036838

(The remaining entries are listed without a path in the report.)

  Filesize: 294KB
  MD5: bde64fdb865d629a4c626197074bf337
  SHA1: bf8aa2bd1ad4adfadf8fe6b0d6d53f89966e6893
  SHA256: b74fb8269679230c0838e8aa8ce788e3d809938b148b4c32cc96348c7423691f
  SHA512: d8a4ac3f59dc7447987766485bbc1fd2d4699c54a08a92589412ca87b5ce15499fb39da0955a4d111feef56a37c2a45ab4ab248dae86958f37e0a3662d40b67c

  Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  Filesize: 361B
  MD5: be9770241bbfcd001d597dfeb1257068
  SHA1: b94c39b1c4acf23a2e9478a39409f439e127dc11
  SHA256: 08791007be981f3ee50e6d0ce9c6289799bebce54920524eeccd00e626b54b16
  SHA512: 2b03754d8ac738ce061199831687b6d496fc727164d82c1eba84e93e51fd154b9ca27812ac5ef65f39fa5eb87d2adadee79381ca12d698e59a187c81171d340a

  Filesize: 361B
  MD5: b13fcaa74afdc2c0b099c1dfa9c9add2
  SHA1: 61df1caf95b28a6baa1847001b0c4ec61e25fe0d
  SHA256: 5aeec2e384b483b23b59c2edb21793fd204ba271c5053d8555a53a8b24e0cc72
  SHA512: 641890457e196516dbe608f8536aff59a89602afc96d6595a9d5671e9915776f562eed3254926bba8e8d3b2cd11fb3b30a6e32e64820ebf226b8bcd64d5d0843

  Filesize: 850B
  MD5: bb43e54fbceee198388f594c92952a50
  SHA1: f24843eb3c2619c2d287523b54025d9bd554e503
  SHA256: e6227549bb49be116b506c687e90ec12d14f652abad9c4b19bcd9074f2eb94a2
  SHA512: 24c034ac5f6b11da16c5e50b7f55c9076a9c898e5d985b92d0685013f7c48d6f1d5ab8be5d53614966997808f03ebe433983e8f0adbd4c37a23192d04752e836

  Filesize: 5KB
  MD5: c4e7356e88f480330b52d50ed74e5ca7
  SHA1: d7c79a63b35ba292118be46a13dfe3373f54490d
  SHA256: c43d0b68d08287ae7646d465d68eda935b851236059ab4ad8003b73bf4983be2
  SHA512: 64a5542c36d77d5ee08d4d1bdc788e4e1dfb9dd6dbe3729690ff03ecf0cda62d7d65af11418aeb1ab3e1e4ee4051276bb5563a5cbd26ad12a35e9df418982b3e

  Filesize: 4KB
  MD5: 38b3861e73436cec10f1bfe202e61558
  SHA1: f9e65694e31aa7151a6967988b5b31d5857ed68b
  SHA256: 257d102e71bb1d81af94ae9c17bb9c13d893456ebde87c91f0e9abd2783c5435
  SHA512: 8d8fad7bc4fb4ae5dc102900586592a579ffc8b915480431102bd8dcd24d2942410f1a9752680d469c238f2a66451b90a1c48bb05064446352bdfe903508226e

  Filesize: 5KB
  MD5: 547d08c5a692ca5d3fa56637d673a316
  SHA1: ce402db39c9c01d698f21b6efe61410567f1441c
  SHA256: 1354ed650c24b32f12d1fb149b4ec9cc617db8a6f8e671fa36d0477391ef24fc
  SHA512: 439e7fb5bef4e605ab85c524cf4384b7ae0801d46d065fce2d0ce404e913aef5265c968efb69a93383306d1bd4fe8441e6250e7be2e471ffe87456479eae9efa

  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  Filesize: 294KB
  MD5: 5c97d7287ab360d47c3d5a0c36bce3a9
  SHA1: 3ecc7ed54208abfc26c4c09f27bcf9ff015e48ab
  SHA256: 586f3fd47e414f6af5bd97a1cab9c87666e174ec9d96f7b6f265a65891ef4cd5
  SHA512: bc9a849929c3a198de0b811d0ac98e1ce40288037c12110a4e7b4c1a5c659de683bcfaa2382b509daa7c0816a97aab679695f3d1ec2f92fd282ad3831048c747

  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b