Analysis
Max time kernel: 1799s
Max time network: 1685s
Platform: windows10-1703_x64
Resource: win10-20240404-en
Resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
Submitted: 31-08-2024 06:52
Static task: static1
URLScan task: urlscan1
Behavioral tasks (sample for every task: https://steamcomnumnlty.ru/app/1643320/STALKER_1_Heart_of_Chornobyl):
- behavioral1: resource win7-20240729-en
- behavioral2: resource win10-20240404-en
- behavioral3: resource win10v2004-20240802-en
- behavioral4: resource win11-20240802-en
- behavioral5: resource android-x64-20240624-en
- behavioral6: resource android-x64-arm64-20240624-en
- behavioral7: resource android-33-x64-arm64-20240624-en
- behavioral8: resource android-x86-arm-20240624-en
- behavioral9: resource macos-20240711.1-en
- behavioral10: resource debian12-armhf-20240221-en
- behavioral11: resource debian12-mipsel-20240221-en
- behavioral12: resource debian9-armhf-20240611-en
- behavioral13: resource debian9-mipsbe-20240418-en
- behavioral14: resource debian9-mipsel-20240729-en
- behavioral15: resource ubuntu1804-amd64-20240611-en
- behavioral16: resource ubuntu2004-amd64-20240729-en
- behavioral17: resource ubuntu2204-amd64-20240611-en
- behavioral18: resource ubuntu2404-amd64-20240523-en
General
Target: https://steamcomnumnlty.ru/app/1643320/STALKER_1_Heart_of_Chornobyl
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133695607717120414" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 4988 chrome.exe (2 entries)
- PID 2576 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
- PID 4988 chrome.exe (all 9 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating; PID 4988 chrome.exe for all 64 entries
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 4988 chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4988 chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4988 chrome.exe wrote to memory of PID 2072 (procid_target 74), 2 entries
- PID 4988 chrome.exe wrote to memory of PID 500 (procid_target 76), repeated entries
- PID 4988 chrome.exe wrote to memory of PID 3492 (procid_target 77), 2 entries
- PID 4988 chrome.exe wrote to memory of PID 4664 (procid_target 78), repeated entries
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcomnumnlty.ru/app/1643320/STALKER_1_Heart_of_Chornobyl
  PID: 4988
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff902d99758,0x7ff902d99768,0x7ff902d99778
    PID: 2072
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:2
    PID: 500
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:8
    PID: 3492
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:8
    PID: 4664
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 1060
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 512
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3956 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 1164
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3116 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 2092
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:8
    PID: 1472
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:8
    PID: 4668
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3800 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 788
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2416 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 5036
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4488 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 2796
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:2
    PID: 2576
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1368 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 4700
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3096 --field-trial-handle=1844,i,12288714950058299337,9543441679995759349,131072 /prefetch:1
    PID: 2632
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1316
Network
MITRE ATT&CK Enterprise v15
Downloads