9f0ffcd4852f9af353558f104dd8edf13e67971076341e87da304b8e6d8c5414

Analysis

max time kernel
150s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-Installer-1.4.7.exe
Size

24.1MB
MD5

86fc2557f00baf9698715dc99a8cec41
SHA1

75f8f54eabd25749af37d21316f02d7d5868c398
SHA256

9f0ffcd4852f9af353558f104dd8edf13e67971076341e87da304b8e6d8c5414
SHA512

521e19cc02c996fc478fead4239cd3ab24b70a441df138ed955d349eb46e7a03ccc10a3d58d8dc726292f494d6bd6efd2a92f62d3f179cb2751fc725ea7d449e
SSDEEP

786432:lKxabBbJyM9irrKJBH5lFRqH0fYk/pUJ8a:lKcSMQPKJBZlCUfYSpUJ8

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

irsetup.exe

pid process

5080 irsetup.exe
Loads dropped DLL 3 IoCs

Processes:

irsetup.exe

pid process

5080 irsetup.exe
5080 irsetup.exe
5080 irsetup.exe

pid	process
5080	irsetup.exe

pid	process
5080	irsetup.exe
5080	irsetup.exe
5080	irsetup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/5080-14-0x0000000000770000-0x0000000000B59000-memory.dmp	upx
behavioral1/memory/5080-702-0x0000000000770000-0x0000000000B59000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery
T1518.001

Processes:

irsetup.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast irsetup.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir irsetup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	irsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	irsetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642842842343850"	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2276 chrome.exe
2276 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid process

2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
2276 chrome.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

irsetup.exeMiniSearchHost.exe

pid process

5080 irsetup.exe
5080 irsetup.exe
5080 irsetup.exe
5080 irsetup.exe
5080 irsetup.exe
1660 MiniSearchHost.exe

pid	process
5080	irsetup.exe
5080	irsetup.exe
5080	irsetup.exe
5080	irsetup.exe
5080	irsetup.exe
1660	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

TLauncher-Installer-1.4.7.exechrome.exe

description	pid	process	target process
PID 3784 wrote to memory of 5080	3784	TLauncher-Installer-1.4.7.exe	irsetup.exe
PID 3784 wrote to memory of 5080	3784	TLauncher-Installer-1.4.7.exe	irsetup.exe
PID 3784 wrote to memory of 5080	3784	TLauncher-Installer-1.4.7.exe	irsetup.exe
PID 2276 wrote to memory of 844	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 844	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 1908	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 3380	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 3380	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe
PID 2276 wrote to memory of 2520	2276	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.7.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3784

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.7.exe" "__IRCT:3" "__IRTSS:25232362" "__IRSID:S-1-5-21-423582142-4191893794-1888535462-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious use of SetWindowsHookEx
PID:5080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3524

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6eecfc76c9b54ac098affd2a51cdbcb5 /t 5084 /p 5080
1⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd08e5ab58,0x7ffd08e5ab68,0x7ffd08e5ab78
2⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:2
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:1
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:1
2⤵
PID:3420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:1
2⤵
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:1040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2580 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4056 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:1
2⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1772,i,14472606293596635484,10299503092094661930,131072 /prefetch:8
2⤵
PID:1016

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1752

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
2d14b0a791d420e1b054198670d7b861

SHA1
ab055a7d44d783035d175ebf1b11b0de2e65e4c3

SHA256
9e85d976b7e6564fa6e220a287e332e66e94bcab207c7c8d409edc161ff3c90c

SHA512
d9c0e478a88d898c9a80417bf876438ee01f5551835c5f8078d38c0a654d8c7cf3fe2045f6a1bfe2ab6a77e8c4ca9ba93aba538fc5f8565cb805e29aeb4eeee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
5bdcb84eeac8f7641e74ef22c32bb492

SHA1
c5413f8c6966ada340ee9581233223ca917ff76e

SHA256
695e42c4bf22ee6f0b614cf040df5d848abc4e4a3bbaaa12a2236d7d74dfac10

SHA512
05268e8046459d7ba4708b924491beaf89f32e0986ae6ce66b09e15ba893913d0f537cd13f01426061c786bfd3a038685d2662201a0afb7fcacef47b26f03d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
691B

MD5
81e9bf507a36b9228bc05bd24d55d226

SHA1
30463e410634acd0b603906ab4e70d0a937c82c4

SHA256
b71d543d8f19524c2c08a00b1ec2bee58713e8737431f160a61aa16fbaf803d5

SHA512
5457c449e74ce7877a4fb1415a8071b576a0c154a06050558c61c36288a6de5bf70dd12895058746791b686e9645e43a27551c8002acc520c4276c9d9a6f775a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
bd3a57ceb43f85d4d00cbac3f7de5307

SHA1
cf17a11fac6db1bf2ae8a06f357f747fe851b085

SHA256
9d71ccfc38fe16ed6c54b14de5311c39eee4b65b3b18d067351b2fd8cf406c7a

SHA512
5f35086cd68fa1a28c1aa45652770e35fea14bff8fb921054eb634bc60560fc56483b75e8e2a6d15b8159c72df0d30849054e3017afdad8ca867d722e58c6f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
053fd114aca1144643d9321580b1e3cd

SHA1
f79f25d7be167d7c39cace2fbb6636d1a40025c0

SHA256
e696ecef67c52db814be5f350b0a40f8cd7455a6909fc5f93c58c0f547635eb8

SHA512
76ad8cad1d8fbc8abd629ad46625f0ffa28b0277b88192b198ecc67d6a63e50f132ae3b7efb313e32b033d4bc460f59ef2e976d9dce8ff3a352f5e413165b3a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5415979fa642b2550d2cfc5585177b1e

SHA1
19c4e3afaf7eed25b79a27a289ea4335fa02ed22

SHA256
2a0c594a2cb777be02eecc872f2846f36d229b89fbbf1508c4c8c9e6e299954f

SHA512
43a5fee2f61c74fe9d35dc1577a628050ed545d980a91c69c6ede19911b0a746b36856dd1ef2001b7cc25b49dcfb7d5e66362ba49c728032ff02518798fa2003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
52370569ed8a82bd8ae9f4639b8f18f4

SHA1
aa571e8147da01ac46b9e70a4e542b2288e7dc09

SHA256
070f106369ef2d2ca28aa3366753b14cca6886e6015199e2ced9963f79c617eb

SHA512
76cbceeeabbfa212f322fed2cd2179c5ea64e3c4bc029d8cf2588bab4b432802e35d07688ea5c8c21fe9b03fa37ba4a51862f4a53e510f16e8b79818e7436fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
278KB

MD5
842a4d4dace23d22c8c1f73e3d7faf04

SHA1
248bc49e409d6dcec8b2e1872aa61b047a32ae7a

SHA256
739d0d9567cf6fed37db1438c9f07d33f939c853d1d46cc2d5fc7bbe9e4576e9

SHA512
1c6469579f0fc28607e418de1940d61fa58bb30fb812c21c62e9e83ef9db59e9205c18d0141bd741dd3914d3787d6462c63d89332b53eaa7f9dc8b305688147b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
83KB

MD5
c2f977f327d96c1a20c2aca3799c9a23

SHA1
f5c6eaf5dd5dae9cc890fbd900c1c71214b5638a

SHA256
ba62642c96468ba4703e50e9a3861f4952ac83b3cf3167c079867a5cf070161e

SHA512
455b529abe42bf1e82dc36c7bddd04a9287dae697f9d51426a564a091223783c063f4749096528da875ea828e43a8ec1c840ae96df908c5231599223d5508aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59a4e1.TMP
Filesize
83KB

MD5
f39af3d5510892531fda27ec08f8d474

SHA1
415ddc14ed236d93d9109fe377869914f2b1b60f

SHA256
9d0dbffcf83c76ee5f0ab928fe1daa0995b6f2b798c76ad24308e902c0de7dcf

SHA512
88038d096af45b1cfc4ba623d31814937501d9a4edbf939025176f39136f100bf20d37eecc92410ff2bbc6655f2dad2a49b4e22c35c0cc1afdb1ee6c5341a4df

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
76895a9958fcec9da538d1d9f09db9c2

SHA1
fd939724a66719fd6acfb55cd44ce901c9cb5fbd

SHA256
728c9cfd134307c0dbbefc344282c946b32f7f44d9c6b8af997636359b98257e

SHA512
f773262b808ec110def178dc79fb8da03bed38ed275fb6d002afe80a34f28f68f619163d589946eb3c8acadf436e72682a2a721fc3907718a903c84f02d93db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
Filesize
1.6MB

MD5
199e6e6533c509fb9c02a6971bd8abda

SHA1
b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

SHA256
4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

SHA512
34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP
Filesize
1.8MB

MD5
5c9fb63e5ba2c15c3755ebbef52cabd2

SHA1
79ce7b10a602140b89eafdec4f944accd92e3660

SHA256
54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

SHA512
262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.2MB

MD5
af9bb57e1893112a57a47df0908bc3d1

SHA1
39f31da08004741fd4b9fb31b04e29368f1e317e

SHA256
1cf4f5e5d5bed48b7c989e34bb80507ca623cb1ac1fc1596f07cfd1dc7aec60e

SHA512
3a8cd6660a0147101f4898c20a6fec1192b4196ae8e46cd3e730dc43c8bd7feed9c576590b6aa79c7763e5942466ac9118d44177edbc2ff1ddf1af3da5234040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
\??\pipe\crashpad_2276_YILENNQNNJXWZFMJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5080-703-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5080-682-0x0000000002F10000-0x0000000002F13000-memory.dmp

Filesize
12KB

Download
memory/5080-681-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5080-702-0x0000000000770000-0x0000000000B59000-memory.dmp

Filesize
3.9MB

Download
memory/5080-14-0x0000000000770000-0x0000000000B59000-memory.dmp

Filesize
3.9MB

Download