Analysis
- max time kernel: 155s
- max time network: 153s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 15-11-2024 12:08
- Static task: static1
General
- Target: setup_dzsalauncher-0.0.5.7.exe
- Size: 3.6MB
- MD5: f760fc3e5080cd1f6e230920cdb157f1
- SHA1: d42ac82d90eba49484de93ef1604fae4b4a6a443
- SHA256: e04d02b36cddf48da918b6b609b2044b5226729cf8dd325a05d6c5b4f4600a70
- SHA512: cbd6ca7d5514e150acbc4a97bdb0ca0fa2e6661931b2bb7752d6442f2364de50cd6b9b9ab17dc5b65e4cb05178f62d17771705e9fe966331aa2e5a16c02913cc
- SSDEEP: 98304:FkLhYed+K5jFYcfBUugg+iK1MfkXLXrhxt29s4C1eH9U:G20Scfmq+iLuXXt5o9U
Malware Config
Signatures
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\SystemTemp | chrome.exe
  File opened for modification | C:\Windows\SystemTemp | setup.exe
  File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | setup.exe
  File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | setup.exe
- Executes dropped EXE (2 IoCs)
  pid | Process
  3940 | setup_dzsalauncher-0.0.5.7.tmp
  4648 | DZSALauncher.exe
- Loads dropped DLL (5 IoCs)
  pid | Process
  4648 | DZSALauncher.exe (5 entries, all for this pid)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | setup_dzsalauncher-0.0.5.7.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | setup_dzsalauncher-0.0.5.7.tmp
- Checks SCSI registry key(s) (3 TTPs, 4 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | chrome.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | chrome.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | chrome.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | chrome.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133761461573973955" | chrome.exe
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Modifies registry class (9 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152 | DZSALauncher.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\URL Protocol | DZSALauncher.exe
  Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell | DZSALauncher.exe
  Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell\open | DZSALauncher.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\DZSALauncher\\DZSALauncher.exe " | DZSALauncher.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\ = "URL:Run game 535883735271473152 protocol" | DZSALauncher.exe
  Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\DefaultIcon | DZSALauncher.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\DZSALauncher\\DZSALauncher.exe" | DZSALauncher.exe
  Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\discord-535883735271473152\shell\open\command | DZSALauncher.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  3940 | setup_dzsalauncher-0.0.5.7.tmp (2 entries)
  1540 | chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1540 | chrome.exe (6 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 4648 | DZSALauncher.exe
  Token: SeShutdownPrivilege | 1540 | chrome.exe (32 entries, alternating with the SeCreatePagefilePrivilege entries below)
  Token: SeCreatePagefilePrivilege | 1540 | chrome.exe (31 entries)
- Suspicious use of FindShellTrayWindow (27 IoCs)
  pid | Process
  3940 | setup_dzsalauncher-0.0.5.7.tmp
  1540 | chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid | Process
  1540 | chrome.exe (12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1488 wrote to memory of 3940 | 1488 | setup_dzsalauncher-0.0.5.7.exe | 80 (3 entries)
  PID 1540 wrote to memory of 2064 | 1540 | chrome.exe | 89 (2 entries)
  PID 1540 wrote to memory of 4144 | 1540 | chrome.exe | 90 (30 entries)
  PID 1540 wrote to memory of 3228 | 1540 | chrome.exe | 91 (2 entries)
  PID 1540 wrote to memory of 392 | 1540 | chrome.exe | 92 (27 entries)
Processes
(process tree; child processes are indented under their parent)

- C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"
  PID: 1488
  Signatures: System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-0505A.tmp\setup_dzsalauncher-0.0.5.7.tmp" /SL5="$402DC,2887997,832512,C:\Users\Admin\AppData\Local\Temp\setup_dzsalauncher-0.0.5.7.exe"
    PID: 3940
    Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow

- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4676

- C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe
  Command line: "C:\Users\Admin\AppData\Local\DZSALauncher\DZSALauncher.exe"
  PID: 4648
  Signatures: Executes dropped EXE; Loads dropped DLL; Modifies registry class; Suspicious use of AdjustPrivilegeToken

- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 1540
  Signatures: Drops file in Windows directory; Checks SCSI registry key(s); Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87e92cc40,0x7ff87e92cc4c,0x7ff87e92cc58
    PID: 2064
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
    PID: 4144
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
    PID: 3228
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:8
    PID: 392
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
    PID: 784
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 3912
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
    PID: 3232
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
    PID: 2472
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
    PID: 3096
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
    PID: 4276
  - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
    PID: 1092
    Signatures: Drops file in Windows directory
    - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff74eb04698,0x7ff74eb046a4,0x7ff74eb046b0
      PID: 4516
      Signatures: Drops file in Windows directory
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
    PID: 1048
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
    PID: 2748
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:8
    PID: 4648
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5268,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:2
    PID: 944
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4872,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:1
    PID: 2448
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5336,i,8562847172726008972,11405541619551526639,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
    PID: 2260

- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 2260

- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 2436
Network
MITRE ATT&CK Enterprise v15
Downloads
(dropped or downloaded files observed during the run; entries without a path had no path recorded)

- Filesize: 187KB
  MD5: 43f610ce7f89f81c4c26b7538743e2be
  SHA1: 8609d0b4e1f4aca5e52bc2ed4f0f5d0fe92ad9c5
  SHA256: e56d497543e6aa5f0b919f2faf421fd48577decf9f99892a4ab4e83fa3da5c0e
  SHA512: 3e1b1cc8f993e7b0b8657cda26e4feb35c79b708cb95245f54d83b7e81cc96e77cbd123e0123f700202bfa11d9c656453d941934d166c4aa48850880995e3cd5

- Filesize: 2.3MB
  MD5: 160ff04bd5797edfd63670622dd00261
  SHA1: 03c08d54d6d1cc7ab1083f51958fd8b4d5c5f48a
  SHA256: 71dda7f20634169d5b27e4c3aec82f509207aa5488480295bef1e6be11feb78b
  SHA512: 6a8abc4ed94cf381d295f36661ddd8b16218715212fcf009732dd288ec51347de1a1b1dec998972391042d4796703eb3df82a4a61cd50494c00a9464844930f9

- Filesize: 1021B
  MD5: 6dbad3a683312cf6d1c4155851340bcd
  SHA1: 8606aaaf307a712d286112a576f665a1dcb33474
  SHA256: 982ba40c3d8f845a38131bf2074c2322cddd200e65fed976759cedf25184f8de
  SHA512: 4c4de369d9e633c2c13b3ecb3434843d4d9ffc1a0951630e706f7bad28c817962892c0c3be4e18aa32215a24364d11b7655a2c1a01f129e4d6130ce7b33b702d

- Filesize: 80KB
  MD5: a0828646cc122bd0c648f2f81242c9a5
  SHA1: 9e81b1bbc2889cbb55ae0f0f7e8fed3b02dc7099
  SHA256: 6098e9bd0f48acdb502f978128c17fdda3fcd91b0824fed425c2573961009844
  SHA512: f32c5da7a0bc788e30fb358b7b32afff86207344a03c499465bd2583caf6549ea06fad521827b73e9106a9187ff31eaf27da8aec6a8bb9e9d81b66d7382f7923

- Filesize: 545KB
  MD5: f69434db8373ce22d9aaaf79606edb33
  SHA1: c073756a4bbf17ca75d1a933054fe6f52dc00461
  SHA256: cdfc7df1b238e01f0787c66d33adea1e01ab5517f715d6a28386d65404f7fd44
  SHA512: 608b7ca1fe2fe85c91e08096e4f93d8e9a78d9a6a74a2d42eb4f9fcd88c4bea27c07f87424d5e3d8b4d11dd1b473e75ec32fcd548aad7947a020b833b2a7f571

- Filesize: 1.1MB
  MD5: bcf19dc71f94c207e326348ceaba9741
  SHA1: fbb987a0f92210c40b0b477246964fc58de9dbff
  SHA256: 8fdb5591886d1764947b4d3369b59b5f383a5be67190eaf2ad85cb96180ea27d
  SHA512: 9444208526b840ca67722abb14d22908b6743943073b7e982358978290734db3ab017000f7ff6bc9508a912393423bf02b47a04df69fd612cf4001d75a1a5cdc

- Filesize: 38KB
  MD5: 38d9394676911da227352fdc9d2fc5f8
  SHA1: cb104dbbb4f22a60770e1e9f1ff5a9e52639954e
  SHA256: d52ab7313279be7d486148e668021adce562b9d9c070b8d384ac877051b00f6a
  SHA512: 43c996f5445e92ff4707c0f4f920c4e180641add11bee101b462121c2f2a68819024874c3592f67ecd0f47ffc6285e9ba5838614bc892100c004d3a671287ec9

- Filesize: 830KB
  MD5: b747928eafeca85a4ba40a17373a9303
  SHA1: 258589c69e7b4a91eef58415f035deaa0209ba58
  SHA256: c45ea8e9cd86bcd35d1e8004259d3927513e0b4ff42381e47c843c16dea97727
  SHA512: 2bc8ebc732e8958400a2f082fce351e799aa471fd12d82cb41f3e4d0747803d7d57d5902e00ff99cef764f089c3e0510ff39bac210789d6ebcf4f808765b78bd

- Filesize: 687KB
  MD5: 458744e0abe3cec7cc8b1612f60e7cbf
  SHA1: e5b40b88802d2bf12a0c6634afed9bf128c0db95
  SHA256: 99c75a209632cb4c51b700cb7631c8523fd8e39436396d8d45a66330825ab7c0
  SHA512: 9c2c922c4dd0250714dee763a8e8dc9291f50da9793f0fda4046852b8e6c1a1cfad3d01dffaed41a588181420633994b0515734932c9d0c2f320406394befa50

- Filesize: 147KB
  MD5: 1193347a2250607464546e33d4f23c53
  SHA1: 9b33d632190787a7c586e8d6e8c873ff47205fe9
  SHA256: 4727a13b9f75bdd74e99b9c8d5afe3cafa067519019f669e1e105f94e67d3731
  SHA512: d47591676c35728481014de4e9da1b1b21f440c434d54b28576393c8b45773783b384d99aa43b3c4df26b456a4345faf0c7ae5896c74c22d4dbba427e4670584

- Filesize: 22KB
  MD5: 92091c27b25780f4bf9b9b9ecb400283
  SHA1: 37c52c1c606d1499fe16f3df7decc53cdc0b1fcb
  SHA256: e77a4d0b18a18cca39bd57d69b6117872fb537bf933141b34b2bd912c45ed463
  SHA512: d6b4d5d636d5530dd71eb71a7ab62c9ff9828baf517dac8d2603dde182f5f2b9f7b6d662b6591cc95c0184c8ba70f84f1dd7d7eddf1bc3cb5e488b374e9561ba

- Filesize: 50KB
  MD5: 35e76994551a45044fe19e783fa7cdea
  SHA1: 5e1a2621c53b1ded99083296f8525a17216bc897
  SHA256: 99da4ba5efdf321cf1154a53661c1e16bee3ff0018808a3f88695728ef44f815
  SHA512: 0593315c5aaeea096fa51affe44b4543c561260bb1f99b99e618a4075d213a3bde57a3bb1f414b962042ca83f8392c185690807ff7ed14bdc675676896cf06ce

- Filesize: 261KB
  MD5: 332e060aaddf202dbdf3144eaa59f469
  SHA1: aaddd19dadf07f20d15a536ffcf10651ffc9bea0
  SHA256: 7a0ba2cfaec6f45e157c8bd85eca9e2838151c0a39d9bf477b09dc2345813a59
  SHA512: c8e584dacc04829011360bb30627b4b5bebfb6ba937e4fe5bf2f6e94573cf0e4cc5945bb1ca0daf2540b173c25da957bc594bb0de8fef9f90f026934769fdc1c

- Filesize: 649B
  MD5: 5dd175d97a0b0498d2088617b2fa62c6
  SHA1: 3f5a3a592ecb5d40f0d281af5087165c09573427
  SHA256: e624ff27195d2a4cece094ed5fc8b43b8409201ad838095876cc016697e69c8e
  SHA512: 47f9223ffae273e042dc9017b73b4dd8eb1c825d7413508c4d8f6c9fdbab74784013ba78e8f5c80fa4e881d9abaa9301d2d784092feb245e667c6010c9ec5c80

- Filesize: 215KB
  MD5: e579aca9a74ae76669750d8879e16bf3
  SHA1: 0b8f462b46ec2b2dbaa728bea79d611411bae752
  SHA256: 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
  SHA512: df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

- Filesize: 216B
  MD5: 4356463a59ff8c29b21fb364aaf4972b
  SHA1: b8d3e8772dbe3a975dc9920730d84766210ba8da
  SHA256: 506175f91990a25c73848b16649a4b7b03ce405ca7479e8dedf474da8cada49c
  SHA512: 4de6fa646fa4904e8bcdba9f70086912a5ac3ef4addebfd029ea94193f1af7d67cbfdd2503896c62dfd5388180fa31875a401c09a764a7adbcd749bbef7c076b

- Filesize: 216B
  MD5: f6e879b5af3d319c8f5de3c1ff373516
  SHA1: 4565f21910bf786879af4c76bdec0511527ff75e
  SHA256: 498e951b3dc4963e6b73f8845f18cab5f820e6419c11976248f6e1730e462700
  SHA512: f1698cc2f918aead78038760f109b10107ff119e4682f6c8c0baf78f38b31c4d5e3c994f4b2a7e5e91875a5ade0fb2771f5f4cef2da172777c10b23f4c696328

- Filesize: 216B
  MD5: 59a6058f4af683dfff3735d296ae4436
  SHA1: 2640d7017fc5ab2cdc7cbe919dcc6d138230f526
  SHA256: b70fbddd52359ab02e114e9941863b8238e873c17ca27b896e8f000a90ef9244
  SHA512: 5e28eae0b646563a34d5b9d4971730bd44d063cb26df0074362920fa9f1a413f4cb11b91a0c4470e5fccff1c23166d151928d9146bbaddc2995de1a29f00c676

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
  Filesize: 851B
  MD5: 07ffbe5f24ca348723ff8c6c488abfb8
  SHA1: 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
  SHA256: 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
  SHA512: 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
  Filesize: 854B
  MD5: 4ec1df2da46182103d2ffc3b92d20ca5
  SHA1: fb9d1ba3710cf31a87165317c6edc110e98994ce
  SHA256: 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
  SHA512: 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

- Filesize: 2KB
  MD5: db45cdd1e0ee250029025cf94302889d
  SHA1: 4c48b8fdb86ca027ce305e2d7998f3e3ff9d3f66
  SHA256: 274dcc93a7736cee82a0c205282f02464e32ade1dbb3449c421bad20619bcdc8
  SHA512: 0b28d80886bf44bc556a064fff86cd3d746c39a30d2e94852dd5f0b6fa7a3ab37a55d452ce9d3f62536d3acc89fc2cbb3b9b4ae73a9b6fe1f5434958a4071986

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 354B
  MD5: ce3ea4ea5bf523d59c0f69489fe80068
  SHA1: 423cbe9a7337cadef903a9c12b661403a62b0106
  SHA256: da376389b4d204a47dbd7fde95889dbcbe70d9b188d8587493dafb99fdbc66d4
  SHA512: 176183fa9222bd5f3d40136160a5bb48e0fb8f8a230e013eedbd068100f7e9ccabf2b0d5b6ab4135216a0e10d97be9ddaa80a366245cc0b1ea56999710c5d36d

- Filesize: 857B
  MD5: 54b889e1300b69f6c179d6e425ba5ea5
  SHA1: 085076b68ddcbb2e1565a8beaa11e9bb8e089fb1
  SHA256: 15adc81585878058ce37d1f2cc109efa71c68982e84b8d11d050f41194944895
  SHA512: 8881ea0d05af0711c3cabe855c9f5773d53a6c57074ff0bfa78e46e8cc133027dcdfef0bb7747d466f3e5322ec48f3aac1a03600c444b36fb863589ebf8c5b1b

- Filesize: 354B
  MD5: f6cb6b510e908cc24573ef3db7f5ac58
  SHA1: 20e26a698422fda1b17a85e2f1a057933079ff7e
  SHA256: be2a677fb56014b246ee78ab2546504217bbe523f0dc3d6e58bee484f08ec7c2
  SHA512: 978ef46bfe77785df9669eeb29c63073599edff9ff4ad970974f828db7a9f788174a4f403991ccbf8e4e1f2ff246beb48d80c46c27aa36a571a1d974108231cd

- Filesize: 9KB
  MD5: 81aeecb252f86d2eba0d3c38f3090be5
  SHA1: 4c078339d28628bfd4ae215e037c1a36d4ef8469
  SHA256: fdc5d05b2eb9bf262c0ea625f6b65745d923f63f90efd6fbbfa8814603689b38
  SHA512: a1bd172882d29d1434fca6c9193d72597db1511e3f827dda04c4280195a06c9f99ebe17b888c34eebef6de03062d108a7ad3c15d0fff460082073d211eda824d

- Filesize: 9KB
  MD5: 3ffdce816f49686a1afe021e6b971a82
  SHA1: 1d22dc219f0c18fc0ddfab5c460cf710ff71b96b
  SHA256: 4f4167e20a4702ff88ab4ac6fb497e24717dbf775477bf08a2d904a56be59882
  SHA512: 927f7637e3fb918362506843f9a37b8515f707b478ba23c20d96c3547032a46085d1ab7b1e83d7e53e590d6461e549321038ae018bf048477d7368a5c6a3b49c

- Filesize: 9KB
  MD5: 790e0b186e7c05fa1834173f872de92c
  SHA1: f5e7919afc44d73f6f6ab012aaa3cb3359f559c6
  SHA256: 9c0746b8edb3dcdb216e1c4a1dd539cc76fc7b9c57c58ecdb4949c891319a320
  SHA512: 6be3d481cd61a7626c6e85d201d20c84bcf53a9a395c6cd07dfb246c4ff218b80ef4c8a2c1ce41b1f497b147dc13c875c8abedd6d5c79fc12be8696995a10212

- Filesize: 9KB
  MD5: 9346ba5cb675e90470de876affcff361
  SHA1: 65d3e0839c82b23b2506ee614565ce63ddc44fcf
  SHA256: 2256c00cfa1ad66972ff1621f9ab33be70389dcbf97fc75d6b69a13ac73af583
  SHA512: ac0b3a52e0b6bd448c5a5b241bb268a613f1e6e5cb570712452b7c45be8adcfa801d854258693e4c666e07776a799c28017bf4dfff1ecd8566ca864675c6f0bf

- Filesize: 10KB
  MD5: 7d04e137ae618937b7d02d1e479c65f3
  SHA1: c2f9d5296988f37f03b81d37887551555247e3a6
  SHA256: bbf62f7a78c9781487ba71b0b7be60745de7cc211b037782b3c559ffe9251950
  SHA512: cba61473483dae8782c36201c88248c881744045fe5388a5ceb4cc335495bfcb0270675c56cc42c5e967bf9d27c5bdb66567a3e14387713f8d35bda8255c0f17

- Filesize: 9KB
  MD5: 361da8aee79c1350bad22c141295953a
  SHA1: e167b96f08de6934ba31725be3f139f81d6ef7e2
  SHA256: 28860e2ab1c96965750ce775fa79a4402bcfb23a045280d87053505b6ff827ac
  SHA512: 5ebabfeb134858a28f9e8050f0300ccd6f6e553ab647c721a9e40445b6c7d226d9e5234b21da42b4d19832399a4ba0c537d46ea1af55b96730163018d711bdc6

- Filesize: 9KB
  MD5: 2ba2b1fe03c505c10d0227987aa8b1d9
  SHA1: 5117863aa21dc72b0119a84e2e79ded2d2cf3c71
  SHA256: 4227af94bff209b427d26a2656599b2c5c060bb769283b2ca12998aa8aef6aee
  SHA512: e25a01c321c6a9b158a327c0489d5cf395ece1e68005cdd455237c7a3f600e53598cdac5e2f68c561c98e6a1b1bd67284c46fee1f5cdffbf1291c65ad8f1e747

- Filesize: 9KB
  MD5: 31f84d9a957cdf42c7d101f20c7087ff
  SHA1: 17b5547c9352d6d0ecd139c90ffa4bd04fe474f9
  SHA256: ed2c37490ddd9b4309662b63995258d4ee701c83f1a0e4a55f8734224f00d83c
  SHA512: df76529e1967f1d9b068bc18b82c9c50bb1f8e77adc714e262239fd6edca5c93a7abfc75f8fa1d0bb819eec55b9e4357288710d42ab8cfc5243b05f30b6ffc0a

- Filesize: 15KB
  MD5: af0380907874b945737ad90291a6488c
  SHA1: 17413a53ad6d33aa67953b672a749f518408b649
  SHA256: 63b466002b392cfefbc9f6160009c518f3ce223a2f562d117a321bcb744e46a9
  SHA512: 8369d5461c60a33ebf584b2b3d8a8db7985a73368a9a95df793ffc4eab6a914ebb7bb159bda045caa3f7a5ee990be6abb9f4172f5ab296a9179c0e942c422fd7

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: 3abe79b9fd73ffa0d295abf590998365
  SHA1: b6b8a81485d55b3ae65b9cce57493de02221a2cc
  SHA256: f1c9a96c21c2e40d707e956e98803cbf4ce3b5a1e1ad300a44c9919c800f110c
  SHA512: 5b2cdb201f3f480b8892439f8305509c156ec932a1b03d0f1f6c70dde89e4e3888bb71506b45ac437998dc849992e212e6a9a7ef568ed1248a755a662ad83456

- Filesize: 232KB
  MD5: 6bbc72f9fd5b02973ce0c371cf7188bc
  SHA1: 1ad0d5a9dd7650361335ba6adcdbc0db55d411bf
  SHA256: 18df55eef14e551852e02391d73fc68e4320ff2f6c25bfa8ff500e32a6a83945
  SHA512: 3b350197724572d2f306a279f2c8605d27a120c96c119268b7cd5812f3cce8f0796a21f53d509427e385c226da62afa1d7e4f63e4fefb2127c51c7782c39431a

- Filesize: 232KB
  MD5: 154029d482599b04c40587a7f1aa60d1
  SHA1: 8b329a41cbe32c34ad4bb2cb48d36ccb4d05a73b
  SHA256: 8c13300ed2c0ed264e1e94c21a16dbcf2cb5932a2a86d334da91af971259119e
  SHA512: 60863964012fe63077aff4411ecd1090dc39de210e3e355a855b45424e22577ce246ea51df0f0e9f92a3c8f8d771995d28a11607021662344d9191cb50fc2f5a

- Filesize: 3.1MB
  MD5: 5e49bedce38561bc9930155ce1ed454b
  SHA1: a5127132e7768a0b2db444f40ed4a7a2bdc62cc9
  SHA256: d158fa31f9c2a66a928acbbf682d692870f8e52e69a9a16958c0dfffed18c909
  SHA512: 46c4d86f24c7c7f6242f89257e9db07d4b24558fa2d0ee97d5cc6fb51db59123773e53a93275079c03371d2a547dd0c8f442250ee7022694ec97773df9b75d92

- Filesize: 711B
  MD5: 558659936250e03cc14b60ebf648aa09
  SHA1: 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
  SHA256: 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
  SHA512: 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

- Filesize: 132KB
  MD5: da75bb05d10acc967eecaac040d3d733
  SHA1: 95c08e067df713af8992db113f7e9aec84f17181
  SHA256: 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
  SHA512: 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef