Analysis
max time kernel: 84s
max time network: 268s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09/04/2024, 09:56

Behavioral task: behavioral1
Sample: Injector.exe
Resource: win7-20240221-en

General
Target: Injector.exe
Size: 3.4MB
MD5: c6b39ee166d5b0a2c8a9021ccd1593ae
SHA1: e480e7c282f64e8b0179c82afe154dd59d14217d
SHA256: 443b665c5f545a2bdd7855f86bf70a5ee7f35eda1b6b08615161f5809cbda02b
SHA512: 3864aea36c522ca5658412128e6a4c862a647cf3b1054b9adbe418488590a37600d7639c3eba94ca9de76f087b244b95644c667213b1122889cf2d9b7a4652d2
SSDEEP: 49152:Kl0nJ28J4VZohYWVGGjW8NhSU7zwo8oXJ2R3KPHsI7coj2J+eNgRpqNc1a:KmnJrJ4DohYWVTJNkIZZ2R6vsmA+FDqN
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | Injector.exe

Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | Injector.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | Injector.exe

resource | yara_rule
behavioral1/memory/2160-0-0x000000013FFF0000-0x0000000140950000-memory.dmp | themida
behavioral1/memory/2160-2-0x000000013FFF0000-0x0000000140950000-memory.dmp | themida
behavioral1/memory/2160-3-0x000000013FFF0000-0x0000000140950000-memory.dmp | themida
behavioral1/memory/2160-4-0x000000013FFF0000-0x0000000140950000-memory.dmp | themida
behavioral1/memory/2160-5-0x000000013FFF0000-0x0000000140950000-memory.dmp | themida
behavioral1/memory/2160-6-0x000000013FFF0000-0x0000000140950000-memory.dmp | themida

Checks whether UAC is enabled
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Injector.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid | Process
2160 | Injector.exe

Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2728 | chrome.exe (row repeated 2 times)

Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 2728 | chrome.exe (row repeated 64 times)

Suspicious use of FindShellTrayWindow 34 IoCs
pid | Process
2728 | chrome.exe (row repeated 34 times)

Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
2728 | chrome.exe (row repeated 32 times)

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2728 wrote to memory of 2444 | 2728 | chrome.exe | 31
PID 2728 wrote to memory of 2928 | 2728 | chrome.exe | 33
PID 2728 wrote to memory of 2420 | 2728 | chrome.exe | 34
PID 2728 wrote to memory of 528 | 2728 | chrome.exe | 35
(64 rows in total; identical rows collapsed to one line per target PID)
Processes
(child processes are indented under their parent)

C:\Users\Admin\AppData\Local\Temp\Injector.exe (PID 2160)
    "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2728)
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2444)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2928)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2420)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 528)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 928)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2620)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2312)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1316 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2860)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3260 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1268)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1488)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe (PID 1960)
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

        C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe (PID 2372)
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f7a7688,0x13f7a7698,0x13f7a76a8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2248)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1088)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3872 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2532)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2408 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2356)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3004 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2720)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3352 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1824)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2256 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 892)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1628)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2316 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2804)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4208 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1864)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3916 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1812)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1480 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 780)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3836 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 804)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3520 --field-trial-handle=1284,i,14353328569720729426,12726136265054003880,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2924)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f3cf30a942a7a2ce9431b13ad0d08946
SHA1: 2885ebdbf0e23d74a7ed92d74c3f6d8743c9b83e
SHA256: 144384ba5e6e1476369791b91db3ba304c64a5eadcc0bb1cc319a732289a8c15
SHA512: d43455b18ae625c57a7969de99c262a10ff3cacb861fbda113dff5b4cdf2e93093d1b4532bf5c33d60064412b0f53b1f558156cf914d96e022e4d91a73f418df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 1ccfe8e84572137f78c32625aff3d7d9
SHA1: 40c81bb465febc7d40b2deb980417964e3e27daa
SHA256: 0b28ea92fcbf89d5326b01c4c9dffd125ffc75352bcf7a7923cbcaf1dd9c96e8
SHA512: 5d4ea9c780a835c9879256a496d62dcc21854b54b370490c22c631c1d406db6fc495ede06cf11db02287fc98b1f400725c3200cff67cb551cbbf05e17b09bdd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: a7264f6e4bda8a041fb7fa971086b7c5
SHA1: 120b45759964390419991d7520134f0ee7e8d60e
SHA256: e2f9abd21d6515a55f8201513d42119faa8bc6c82337e7fb3aa67babdc22527a
SHA512: 9c6d6714f8de740f2b9b7e06a3c2d065e57983c3e23bb113b074be6ac3cc0bac4936a7ba795ee255bdd2b143925dc3622428a297434cc044c07671f41e73caec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 338068418d9d647e60d8b8e83e873240
SHA1: 855689c26d0fe91dc93710aba72279345873b200
SHA256: 5b700a527686557ec02a1f869adf11df825ff9511f7186636146459d5ff37d65
SHA512: 57baee256aed3d867c1a14afa27d81d42374116c6a4bd3c5b142d90f9a72b5d3d8e90696351577a87ebff6e1953a4e0f49ba3e309930102edaaff3c2474bd239

Filesize: 39KB
MD5: e3b7c1f55a368984a5ba8cba843ed6b7
SHA1: 3362755d9f77b6eb0801ea9b3301a24ee63fb22d
SHA256: 7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5
SHA512: 64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c

Filesize: 24KB
MD5: 87c2b09a983584b04a63f3ff44064d64
SHA1: 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256: d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512: df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Filesize: 323KB
MD5: 37093f2feea92959e091526307d2c182
SHA1: eaebb4130bde4631d0d180e81f638349c02c1918
SHA256: 9a3e745bc2ee8934734a94e0dacadc3939e4454afaf3c9fb7c91bee5e3bf7bb7
SHA512: be24a67f7ec28d9b445efc1fe29e7e28c59dfe066dea2c9825d1269ef2812dc1a051e29a8d3957af7f88ebf14670d0230a95e62a81203d3b865bcdeb57790a15

Filesize: 136KB
MD5: dcb94330523d6223499e85ba8db11fb9
SHA1: d38d3f8cedd877372fafbfe19fbec25a50f58fc0
SHA256: 34a47efc5c3140b198696bf3edb55d90b0028b2c3d8d5db2612b0f78e33f0da1
SHA512: ff35233bc4e93d8f9045e3901f79626e97ab53b47361d1379351793779070be5d2e51300b04397c995771ad9d7c885577c9e2fa3eb7698253d3c732d4f3fa1ca

Filesize: 75KB
MD5: 6dfc41d3a3dfc0d30527b2cbf4b20429
SHA1: 2fa817e99e2f47465653a4c55f59d48deda87eb6
SHA256: a73b331dfdef589fafa3371563a1bf439da12e33a4a295ecca371ddf9e52adad
SHA512: 47ea660b576e7dd94bbb824e478072b42faf9fa0fdc4ea9071537797f644540ba1f434490f89ce1a2890134016cb786cef4657b0d0e4ea566a2a0f66ca88798c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7714e8.TMP
Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 2KB
MD5: b629fc9f10ad494445f3f71981a3a6f5
SHA1: bb2b3a48ff5e1d72c1580a8d7780bcddf04c4a6c
SHA256: f24119ddb2360175a7b19a2a50344dc1edd45350e7ade448b9d45dc5184dd9bd
SHA512: d0a4435c9415cfde0faa3088ad1db9a91e3aa308a86449a13d946d36fd7660e66b6d1512e24a4ea707056451c2be02f4384ce402f10a6c6ed2e6130a419edda1

Filesize: 2KB
MD5: c424e684b227eea5ad5be8ec16d47fdc
SHA1: 9c44ec4ebbeb296d4610c3ceaee78bc0dcd6dd0f
SHA256: 3c0933944108fd9301d25455fe4a3bd57baa6b968368805be353ea1620f8d245
SHA512: cbaf82bcaf9b31556a59bfd0eb59722878aaa8e57a7275960c012710c452c7c790ebc9eddf09f9a62ddb3054259a43ca818ee8cdec872b4ba1abc22376a6ea14

Filesize: 690B
MD5: 0a0ee05ff024e4339c44113f3b33c1ec
SHA1: e2042a97d216be2fcdc185406fd53a202a116f14
SHA256: 0bd7f31080d9acdb0ecce7eb0547de9162d5a413894d8ab2749a024bde20c5b6
SHA512: 08170fb241a18d1f5bc3bffe7f5b49b88f6d686189da2b1db21184f1e3defdce09b93eeeca579e531369949c49d079ff485f66cfed5de0a405b3e1e9f6f07546

Filesize: 690B
MD5: 9c638b1b1cf7d9a580bc8f42e71151e3
SHA1: 37428e332f2e9edc1efdb4b9abb82c0e749d6f2a
SHA256: b94cfc5828e037d19bede25d60092f7b81c17d179d52c1e2ea199d137949c6cd
SHA512: 645dfca9b2b472d61d35e66d34c26e43fd90c8c70b0ba3c21ffecc63b93e56f2243be55c41159be4c7c0e8e878f45f20ed3b6a790a6da55af8d78704c7b5f622

Filesize: 690B
MD5: 18362451388703dfc0d629a0c45fe729
SHA1: c80d73ff8f9cac95be2de55a3e91d5a22865e1e3
SHA256: 5a9e8fbbbb2d4a689e5ec4b32f93f45bd3962678c24ac5b53628e9d014d6586d
SHA512: ae1b816a001193ce96a5dd048622943b2395e694a3722cd394b590ffb3ff989a406a44ff2c9352ea74d288c14136a6f55c6ff11819d030cbc2e8865c2418da3a

Filesize: 5KB
MD5: 41a30f7504f1976c70ed26916c80e593
SHA1: 3e127f04582c0205367fb6a6ebb7bc3573f7dc3f
SHA256: 086483446c680c8a3bf48729cfa107340f0cd72e561c61ca68adf5d45b6d3a6b
SHA512: 59d784841b3b23d027314398838431f0b99e153e837e43200c9b78802c3bec384d70f642288345a88e17190eba130f9941423a63cdfab2059b3a63f0fc2a4657

Filesize: 5KB
MD5: 823ece99414a026b911f4660522dbe8d
SHA1: 7f4ea2e7c695072b24f7f73736eea98a6c9f8322
SHA256: aa11bbaccfc8d2f752deb12e4df7cac25e96025539704608fd00e5ffc8547e9d
SHA512: 078b3f1a80e385fa27c7f4afc6eda769d0654cef12073c4e7239592f89f21730f476ce2c36cdb24a9660ecb36aa887453b55b94258ec1a06bebc09f7db50f6a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize: 16B
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\db27f6fe-88a5-4e51-ac15-5689ccc47922.tmp
Filesize: 5KB
MD5: 0f6801603353657e369fefeeb228afd2
SHA1: c3c8333d73c2a72d1295a8964a9bc6646319c669
SHA256: 6ac90e04970f21f50e73b395c050039928e68fe884f750d1d301e18e01639fff
SHA512: e7ab9d10890a9d073354c751cfd923d435e84667af0f88190f1962690a72d879cab7682e1263e64cc713bca00d1a24a44ce7bd2336a6a8388452f38bb33aaab4

Filesize: 261KB
MD5: 5a7995739877d6d15d665310c3924802
SHA1: 88dfa8179298e791b907aa306093bd1ed5e17d94
SHA256: 32fbc04c49a32f68db0a7abb3de3ee0bbc1fb27eb3fc7d65f73db337497eef58
SHA512: 2c271d569efe9a40218ce986205b1c11888274de68f0e4dd5281f8c6fcc7ac00666c0abac5da6cd30843a71bb2bd5a9b32ce92bcb8c042ff7076595d7d61c2cd

Filesize: 264KB
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a