0ff0d7f6a67bb2daa879f111d4649231cb3bd89090085a06c9039aabc5fecb2a

Analysis

max time kernel
63s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheatInjector.exe
Size

12.0MB
MD5

ffd54dd853ba501a846bcb20b8fb8a92
SHA1

167e0a2d7fcb110df4d5561cfb0aa86e67784f4e
SHA256

bc668cbc597c7b00abca9b6ead346889cee9c8de235534bff296417a077df999
SHA512

eedb05f9e7a260004a53b6196401e878c8f2d2f1c47e280dc5bbca245771417fae7ffea1201ccdf1ab56a6998e0acdf2ee7e39538ea91e056f91811e2e253f6f
SSDEEP

98304:qTTm3vPx378D4xKKpmULiOSnP7REM+aweRMEz:5Pp8D40/UuO0P7yM+M

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

CheatInjector.exe

description pid process target process

PID 1436 set thread context of 3016 1436 CheatInjector.exe BitLockerToGo.exe

description	pid	process	target process
PID 1436 set thread context of 3016	1436	CheatInjector.exe	BitLockerToGo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2636 chrome.exe
2636 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

chrome.exe

pid	process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

CheatInjector.exechrome.exe

description	pid	process	target process
PID 1436 wrote to memory of 3016	1436	CheatInjector.exe	BitLockerToGo.exe
PID 1436 wrote to memory of 3016	1436	CheatInjector.exe	BitLockerToGo.exe
PID 1436 wrote to memory of 3016	1436	CheatInjector.exe	BitLockerToGo.exe
PID 1436 wrote to memory of 3016	1436	CheatInjector.exe	BitLockerToGo.exe
PID 1436 wrote to memory of 3016	1436	CheatInjector.exe	BitLockerToGo.exe
PID 1436 wrote to memory of 3016	1436	CheatInjector.exe	BitLockerToGo.exe
PID 2636 wrote to memory of 2696	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2696	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2696	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2504	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2552	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2552	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2552	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe
PID 2636 wrote to memory of 2956	2636	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe
"C:\Users\Admin\AppData\Local\Temp\CheatInjector.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1436

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e69758,0x7fef6e69768,0x7fef6e69778
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:2
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:2
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1176 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:2
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3112 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3920 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3992 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3768 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3412 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:8
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3636 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1644 --field-trial-handle=1240,i,2305601337559871775,9757006623782312927,131072 /prefetch:1
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1468

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\86c938db-8817-4ca0-8c55-5d8c2cf261a7.tmp
Filesize
290KB

MD5
6e26f12bb1fc2dc0ff697c14bd268405

SHA1
128b26fd95d3ef881e7fcc42ef2f9ba05b7ff13b

SHA256
8b52bdf115647dfaa9ca5df25e12aeb25fac9f13c2da30ca6a7cd37bb89f5597

SHA512
6c3d558a1aab0939241920277a310242bbbe2b21819cf5cc89a21c4b0beec886cb5efacead91d1a9215a22a1e21dd13ab754369e23d1a11898f7d4de1acff902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
225KB

MD5
d115c0a2800145c06e066875ba331616

SHA1
b94c5f0d25110782e939d1234141b70e6b238653

SHA256
113e69d83de21cf11879632723c532d28df10a53c0c2cffb663190f82c50570e

SHA512
2bd24181e53bce956c5262bcc641c323ec077f5a19193fc56a74d3704eb1f4d76b47076d1654c69cb53ddb9a93bb880ed49fa0ccaf46321723da6cfa99c4522f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
23KB

MD5
7ef4c868940474e95ff7cd16af7d6094

SHA1
097edf552efc7f1ca4385da8f1312ee9047d9a3a

SHA256
949fa6feeb661f52de6cd85cd5ab44e315a8a8d22c48e1bf7f630e37dd9a9223

SHA512
730754efbb62a0a6886ede62f2daedaabd6230a4611e26e72b4c84dfbecefc8099b30e11c03debf76eef15df6de2f57e518ac77f1763fff734b123c0e22b33e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
19KB

MD5
0e598b4e0838f1540edaaa0ebf6d1e68

SHA1
a69cc56bc59a19d8e0da1b74db64b0f6c319e095

SHA256
4ed8eeb9c3e8abd8a3ae9a6e4a0da56d3bb513938555795256d73cbd578bbe17

SHA512
4a00bd10f567a45b9a3332a50803002f4a089bc38b065657e2a921d505c0a10c4275add2d6c9b4c3ea6a5ba87ccff47140aad0222bef3fceac331de97cb1f273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
Filesize
34KB

MD5
367d6749aabc56bcfd8fe6f68e8ec07f

SHA1
94603bfd837a6cc48b0b413d97e6c21294139f01

SHA256
aba7125a597cbea4846b275de47b9e35fb42202d217c321ad861b09d3b831b5b

SHA512
737b43474c49d945fcc767a082ae79734333de55374c35825993539376577af76175a966e633b8224b4ede6a42738f3298e5c42d7a307f37897857c7c65842c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76eba6.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
dd516d2bbb52a31c8d585e8d42e1e2e2

SHA1
e6ef50a2a02432d14bbe493551e7badeaafaa782

SHA256
5421b88d0fb8714cdd62a7f8c57ddd129a14c65eee11a5b3567639828ec56db0

SHA512
d0cdbe2db22589cc4587a08fa0604b804c52ce0ad072df3d0dd353d30497bf111e3e6fcca186fbd0292b1d0b030e57ffa6e40a34369c090bf01661b790e224a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
855B

MD5
903056262219b02e15913b4f87b1d04f

SHA1
6e3887730a78dafbada404d8a3054c7b16bfc869

SHA256
2aa1f25d28b4e2f79f540856e6c1ebfc26aa774d411b6cd945eaa65076569a3b

SHA512
9c65f2b628f89c34b7d3dbb36cbbb68c2f51de54b3783a3e22a96af69628864b9bbf950d076f7fc65609e866788552322362fac8f6c312fd18002bc689700897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1018B

MD5
2d408cb8818a3e68833e1f4bb563314b

SHA1
34422e91f8be8c7d987892e37a620daf98dd7668

SHA256
34736445ab7319ec761fd41b2226aea5f02c3855989ceb62b220c734d976ad58

SHA512
a4cd162a4923b6224b7755521d456663d1d35ca3f033f9069683c8a7db1d0801a8ddbe5145c4aec164be14a2e0d95e6ac1c07e79705cc2e21cbbc3aa8dfe56ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
be6b3c6ce46eb586613cf2d66a6f1c2c

SHA1
82322dc41857e5087efa964ce74425a4fbdd36da

SHA256
0e8503185cad83b01a82572c8b24e0c318624129dd9593326190fa9adff64767

SHA512
912c6a12c3f3d379994e010d14d63a3a81897a4a3e06df77b59826b40a4aa9918bd003b7b3f199ea7bf00e914207b46fcf06ff070b09b88cc9461fe0ff589b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
70b8007819ddecf417bc2dd9f10a5929

SHA1
8376b65cb49ffb1df9c312757bf0843e05781889

SHA256
685d89c9f364cd3458350ee7f8a8d52fc952dbb15f16ec4aa1bed29c27cb197e

SHA512
a21fd00247325405de8b12f56c5d94d7478c16a0fabf2ae83dcdebf698c5e1695e43237ffc067072c39924829c71e452dadf4d066f12887f86d17046893f922b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
2fd33e2a6a73029a8d3c45a144d1c1fc

SHA1
b5d87072d6d8e5456223b76c0562765795a9d55e

SHA256
3159560839f621f704ae781eb6954a4c179239c9082fcb1a45c93767e15250d6

SHA512
4e32083093330df137c7b1159f59ea6593da4cf7ac8bdaafb83a7f782e35892ff3a9220be1b6639828c47368014b957345643776adfdd8e6d2d2149b2a2a7872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\91d6d736-cccb-4341-ab04-9df4644c57a2\index-dir\the-real-index
Filesize
2KB

MD5
1322f416442485edf4f67ac475046ef8

SHA1
27334af9088adfa5b09c757ef4e5ebc482a1c0e2

SHA256
256eed57d1c0eddaa50526af50ca301726c3136873b35f12120f16ec371bf127

SHA512
cd9e958f3ef0fafabc04bd418576bb386070f1a2a71397eef64c6192a40fc8ef153344992257c60e7822c9ec6bdc65a5a4f5666d0a06f0f49fa15b11e49d49d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b3d4eb87-fbc1-4c24-bf8a-ab7266822207\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
176B

MD5
fef17163f1c03672d08f0876d892bd41

SHA1
19ab151b31a7e32403e18eb3a6701f7d57c3f1b8

SHA256
98a612752888452f45cadfb1db0fb552fb9f8f469745d6b2380e2dc9ef0f4e50

SHA512
9e225a28ead1355806247bff7cb91c8ba13c23c09bddbbbdccf25f408029f674b50912a338f8d12c85ad9fbb9e120a6e7c070243a05e1f75d8a33e06dca400ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
178B

MD5
7ac11a96df3da794cd98c95d274cdb59

SHA1
78e71126a503cb7bb332755254f04a6b632af296

SHA256
8cd08c47c832d9bacd7589eea7fe1e248eae41e661627594d632e72f4899445c

SHA512
dcc790d567f41b0d630d2e9d160783254d7ad6bab80d4b385f5b89beb31c03bc39670022d70d97ce7b5261ba8d00cbb14677ff74113bd1c8622884bb00243ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
112B

MD5
c5ede3d3a849965b8497c021146add67

SHA1
5da6153c23b0a9dca61c965f6bbc9fc79cd6d54f

SHA256
c6f0c36fb9f17cbab8d6a6c8a3973a4d4d1efd1f2dd07cb5c0a25def76214df5

SHA512
790d2e9cc0786f72c3a3d9ac1376baa054ec50a321da9583ebc826839c9562e2d0368e97c8f9f00b46c383f08e92f6a86355d12be56d252583a1a68a63f08fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
114B

MD5
98ad1b575462924f57339522f400324e

SHA1
8a9cde21286155fd1f93f313369e5fcbc8c1ab73

SHA256
455f35dea12724eb529ccb25d801ea59499ba8a614c45b64734f9c6935909e51

SHA512
40bfe7f9c5d7cb4c36da676d04b4949cab857d7e4e0ac371bb421bcd29752c17944ef8591a9c0315a07d09629d5ae7439d3ce893634afe3cafa7ab6694429eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
247B

MD5
d1f8d869c1340ce298efedeb6a605e85

SHA1
79f66d59be9e9e85000e2b39e4bd89299e6416e3

SHA256
c8e04b8ec9f75c4ce931b1bcbdf065b7df9d0c37e0631f431a48313b5777f6b2

SHA512
7a5ec16ddc4c61a1d9cf109d3a0e91fac4ffbf7da5e17af5b91b5235a533c2f9f8c81179d7281d2416526078f8a34c43d0bbce1af4b3abb1007315cb30c00deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
187B

MD5
a9a8c7a2e038ef393075be6da6e6b24f

SHA1
fce69155b738b88e9e192b1015929aea79c5cb9d

SHA256
a10a1b7544ebed721ff17fda24e64554317557e50a5883e6ce16d9701e340000

SHA512
094db14b1e9c47bd77d9222c032dcfba8918d55c3b1648ad805e9eba7add3eb00d9602407d0d6a724c32987b15e2f0eaf3e674a4c39d9c243b97212461a9ddd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2636_711913293\Shortcuts Menu Icons\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
290KB

MD5
530e4069940c4139dc8595e42e489f0c

SHA1
aadd63101c4224962025431dea6d6c0fda7f7e83

SHA256
8f5edc0a44cf9e430b5f9726270740c8bb33768fa60010a0f861619efa22881e

SHA512
9b84e893652e35bd7cb535963c3d3fe720b7cefe6b7bafb16b98615fa7a3508184d90516a3c5867d0aebf94e7f606a862079cb37fffd6c2313511af96e4b83d1

Download Submit
\??\pipe\crashpad_2636_FFGADXVBMBJTGSVQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1436-9-0x000000013FA50000-0x00000001406C3000-memory.dmp

Filesize
12.4MB

Download
memory/1436-2-0x000000013FA50000-0x00000001406C3000-memory.dmp

Filesize
12.4MB

Download
memory/3016-5-0x0000000000080000-0x00000000000D7000-memory.dmp

Filesize
348KB

Download
memory/3016-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3016-7-0x0000000000080000-0x00000000000D7000-memory.dmp

Filesize
348KB

Download
memory/3016-11-0x0000000000080000-0x00000000000D7000-memory.dmp

Filesize
348KB

Download
memory/3016-12-0x0000000000080000-0x00000000000D7000-memory.dmp

Filesize
348KB

Download