70c6648fb3b709b492e469fb7cec62386a3bc30f93737aee3872053867df20ce

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fortnite Skin Swapper/Fortnite Skin Swapper.exe
Size

621KB
MD5

7a2e8288e5df0845578c275dc50a1cac
SHA1

44dcda9a4c454c7c2a943ff3d0a82988618f119f
SHA256

a0ff6a885d75c190b7a4c697b181bacf99556b768c03a50f0a4bdbf3856ae39c
SHA512

37fb706c63757eadea4a90a3166040b8b383fe1093ae6ed6d04f49ec25b165b8ff17d16f84d0b3616d9a5ccadfc38ffefdda986b2cea6b1b0190dfb114370008
SSDEEP

12288:92GsGJPhfdhqLb/o0z2FZpQYwLp3Lg8SjXCWEkuoho2rg6AgmMGf0wVSVB4RgL3T:98qPA/o0z2FZpHS3LgrjXCouj6U

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3236	Fortnite Skin Swapper.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
167	camo.githubusercontent.com
168	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3236 set thread context of 4312	3236	Fortnite Skin Swapper.exe	85

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3228	4312	WerFault.exe	85

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644991566585192"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4312	MSBuild.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
4152	chrome.exe
4152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4312	MSBuild.exe
Token: SeBackupPrivilege	4312	MSBuild.exe
Token: SeSecurityPrivilege	4312	MSBuild.exe
Token: SeSecurityPrivilege	4312	MSBuild.exe
Token: SeSecurityPrivilege	4312	MSBuild.exe
Token: SeSecurityPrivilege	4312	MSBuild.exe
Token: SeDebugPrivilege	2584	taskmgr.exe
Token: SeSystemProfilePrivilege	2584	taskmgr.exe
Token: SeCreateGlobalPrivilege	2584	taskmgr.exe
Token: 33	2584	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2584	taskmgr.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
2584	taskmgr.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 3236 wrote to memory of 4312	3236	Fortnite Skin Swapper.exe	85
PID 4152 wrote to memory of 1352	4152	chrome.exe	106
PID 4152 wrote to memory of 1352	4152	chrome.exe	106
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 3472	4152	chrome.exe	107
PID 4152 wrote to memory of 1860	4152	chrome.exe	108
PID 4152 wrote to memory of 1860	4152	chrome.exe	108
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109
PID 4152 wrote to memory of 1500	4152	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\Fortnite Skin Swapper\Fortnite Skin Swapper.exe
"C:\Users\Admin\AppData\Local\Temp\Fortnite Skin Swapper\Fortnite Skin Swapper.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 3244
    3⤵
    - Program crash
    PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4312 -ip 4312
1⤵
PID:3600

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffa5a7cab58,0x7ffa5a7cab68,0x7ffa5a7cab78
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5064 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3372 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2320 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4508 --field-trial-handle=1904,i,16895673546909713234,6110154310294387802,131072 /prefetch:1
  2⤵
  PID:4372

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
329KB

MD5
389bc2bf98582752a4b510949998b379

SHA1
22d770c03a3dc8f2d09a185cb54cc12539a8d5a4

SHA256
a19c339bbf0a2c72fd8a8649199a72738ba8e76592d1346d55d0caee436fd391

SHA512
164c3ae54ffd18dbdb692480ae3e028bfcfc39bf762416dab64ba6991dd40250344ad36c0c15f73074609fe0072ca770642697a666f27397d95594f843904477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
106KB

MD5
12db4747c919800260d71579c658c235

SHA1
62cd7b4d1646452e4fcf800e5c726785fb3eafbf

SHA256
1db7e1a8992d246c5f8f45ac7bdede320af040b05933ea88452b2363e7cffa5c

SHA512
cb7cb75b01d6eb46741c083de628a3a378b5a8f1c93c89fe2249fa37c37fed7f1060799a354754b365cb53da74ac270fa9e586967ea9dbb44a2bb9d9ec4d01cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
17faa78f07860837c91282adc178d264

SHA1
80ae6e67d4800399700a377ba5ec082eb7ce0790

SHA256
157d77c34f9467cee65b45247e297088e15022d93d2a2e53869137e6db9db7e7

SHA512
459ae0029accee4fe9c83e649ebc84d58d6080b70bc4929112e191dc4baaabe17768f1616d99272c5574cb4c02867d2f018dfa0ed400fc83c37203a7b2150ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ec8ad26ef5340c8b3d2ccdd15cffdeff

SHA1
17124efcb035a4c189bc85a4fd511ee2863f5e15

SHA256
f87c38eef22cef33186367edc277436222cf65bdaa0b27ef32e4d9e59337f288

SHA512
0f73801b39ef3988902c1e7227079087fbc1e7afd30ba42e7b927d0dfe56cb9a831f44f8b2bab3e1963bb029750047d1387f0159164852d070be3f8fd84fa221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c0863ce008381499e490920ce259821d

SHA1
86b5585d3b59fc8b024cf81ecf70047dfbac0db8

SHA256
27feca6e1cb01f8fd29bf28cb4d5436c87fe4f3a9809ecc17f72302c5de49935

SHA512
71618651ac106d2fc147f543f3310ff1f63fa731872198abc917a5f7c3cb01851fed3806ef387760f3a5020647e7c0db895c12a8909b735dd83cd4a9e204886a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
845f163fc68ad9ce068881230fab6284

SHA1
b68ac035f00fb1dfb1d8c431602bcd7461dc6f7c

SHA256
d4aa92ffec9853d6a699757485287893eb832f53ece9de13b9c4cc05c8090356

SHA512
026aa042a5f8d513ddfa23b41da5dbe08b05a005fd98cdc0ab124d7d94242795956681ef37b001909cebdaf2f45d70aa0398e0413878401587bf1494472da040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0642b978b0b7722b12f54338b9e4e051

SHA1
eecab9e9431d0c24537e156dd6a1d7ec3cf4cfbb

SHA256
006522539564030156940e5abe1a8763c2c311c78a060f75df2ed5683bb0f7d3

SHA512
5f408462e03f33d8c225d30cef64da10e571ceed7c045febd91f2e8938170af1e68c13c58c2ed3025b159bc0c254125b0a9549437608799259be7e295ed653d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b5d781bf2b79fde2a9343d2d98103d5

SHA1
107ba5353ee50ac92b647ccefd6ca8747cb27a4f

SHA256
496429fce7287da0b6b32bbeed92895b38822b44c80eee1769dca949ceb72406

SHA512
63a6d1a15bae16d45c0fc9c57f95bf46fdfa340375072991084672e8539a5d977be9ffa3d8ad8d95fde382e395ebfde9afdc7ef39a2569e2d54eb1293b71dc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
37e9b3629a48e5ab19de5768417ce9dd

SHA1
e352a8acc4476f461325a9a75310476bbc509615

SHA256
512af509036011252d62d5df05faf3aab023f373dab65b73ca57c569a13b14d2

SHA512
72de4ca70b98fd3ca82e3e189762767520a8bc32d6c2d507cdebfec29135762d65130f6119b1afaea97fef84bd4f1cebda20d4da87346935397cbd3e08f5c6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1460d361af29860fa271579d3bdf0560

SHA1
1d1d9bdcb227a6659a8aa746d561839e425e569f

SHA256
728752727ecf8e27f9176569255d1d3708b4916a2eaafda1c1234cfb2ec9cfb0

SHA512
6133a17a651f3c1134382f77dc98bb16656453a5c21e1d1593411afbde585201ebc7b6d7cea15161c95e622059662840823f2fa04907c9a0084b43d74465c73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
061496a498793790c07d42e40e48be5d

SHA1
13c46668034eb69ef4379df342ac8c1a3c133a3e

SHA256
32d9ec26018b43298e346ebd4c004de3c14cab7ffde1991e1cbb718fc8a3c483

SHA512
8053148ad8d937743dcb65613140b29b41cbf70654e19e579d303e693bc3c5f8743816283d57bfcae81691822674bbc7936c5a385bfb0e2b367d162fb0495787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d5d005753fe393bfd5afb5798d44bb1b

SHA1
bed9ee29a5f29900d0d1ce58fd3a9aebe69066ff

SHA256
4928ca1d3d263925fa26f5731d42be6294244b4a0b4fe3c9da25630e665d8293

SHA512
6e39b1cc571e6c998cab7dc163b076a91c716c36851552beec9d5d901f6988e08f73fdd005e6532d917ffe932f9344ef12df92217c5e46e8e5ce2a8d04c81b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
713b6dc67f12aeee86bc3a37bee81536

SHA1
43704a1005fc84674d654b8514259a5e125dc76e

SHA256
8f18f8222625060cab4e2442da571b8e0ca652dc6a37d29874111db076a27927

SHA512
b34f81b99b201dfe63f99d92df9c550e2cfd1d274e04235c57d6d9e2a197b51279e2b2633bb6c626f1122c1b28c800bcf1cdf7263662b81b1fdf545c63f5174c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
49207201e48b3494da6c728b8332c816

SHA1
9d23c2706d50beae2aa592345e458e18f7ff9038

SHA256
edd79f64fd78980c12d0950e01229d401309782fe9dfd3bbf0007473ed7d31c9

SHA512
268bfb70f0da8ff0171915190819a37f68f1327af035371304c39d55697c4dfb2f2d5364da695e5493fa88402203691b6e8ba1041b952698242ab637eb97ea36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8361d30fbf3b5f64173559281f5b0c84

SHA1
691554ce79344cf0bb5a2fd88ed850b52be9f5e3

SHA256
78b1625ac0402910742c032dfb8eb0031fffa2e3cfa7475172ad6ea2c8b3c1cb

SHA512
a22327ca597345242e6334d7e8246cada6d0d6a94ab19ec3b7678e42d96f1a877a31b93ffda9df2059fe886d6f6a4df23906b00e0c663ed367716784b23c9a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
16556eeecdb06f7cf0286b60cdfb81e0

SHA1
ef1aeeaece1bc4886c387f690e49b724419b7969

SHA256
0e378f9024b7bd9ca3cedc882a63806c418cf1836baf0076d020e5b0d17d4acc

SHA512
b0990c1aff9dd8ac2cefaa605dc629e2acbc6d43632deaba0bbd30631f88042060a00cb706265b5df58b35458f03951f046dc192114bc523333a63c4b08f70d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
dbaba8f10b5534affe6ba4311816eeb0

SHA1
4dd2564e2f315d2f22b3949421db1292afe2332d

SHA256
8d800bdc02ed8cea649fef500f2c67ceee3199038215e6c566bb978453bc9584

SHA512
b378563c6845d03425125671dc02af18d9da64446d1d1e8858314afeb569e9a07e0531c0e4bdc0a482a2ab34c529755b65aa57b89260ca7f68240313f59d1c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58684a.TMP

Filesize
120B

MD5
5d82342a7afe323003cc56e979282421

SHA1
1962fb37cc0d5c58e6fdbfe9115dd5f26f3ceac2

SHA256
d80cc86906cebb4745d1d8d743a47142e826d1bee5fab05e67c1992454410ec2

SHA512
93f5dc0805fdafc4536a4e0ae1ff82877ad27397569510bb518a05c6ac8df5dac049c838372077593240030a228927039e247254da073e0fb87cf3240a452ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
ba42463e9e8d5ea64174f40a922fe9a1

SHA1
3d95b243eb42d0388ce8ee7b110fa1ac2ab69e22

SHA256
cdac46703d1f6e5d13039291c7ecfeecd8eb27259cd018df20e5cfb6a20b40e8

SHA512
ed9bdbfe440bd790b51cc59e7dab01fccfd2577dc6d5cc99be8b79d7e39ea38853ee6ef7247b73a4427224c75bab74f9013a4f1347f808ada78255be97101171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
17277e1695a4b44e01a8b5afd01b80c9

SHA1
772e8713f5efdb75a86a9f2ed9cfb37d82b54201

SHA256
51120d25d038c16837b06eec88f8da1ca264053a4dff63a28835513ee50cbc1a

SHA512
755e74c417fffc69b6e1a92a4bba80c4ebb1dc53b35b5203a982789ebb4cacc1d9c0b50aa521093f01306a21edf320166f585e0c235cd40a5b6a1183cd72108e

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
630KB

MD5
79ca70336e8b2f8fc2489e2025314a43

SHA1
f51d37059be9355cbf353f3df261ac0f83dc91b0

SHA256
9155f51a7738a58dfdb6490d328412550241108ba3a62aab57f0a9014552512c

SHA512
069738882e317bc350cb2d9695b28c8965e33d14d39e17f04a7b7b883da73b3046eb9ba12de85068046d0748ed2eaf3fef2b380f02c0c17fa94be28cb7681fbb

Download Submit
memory/2584-40-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-38-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-30-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-39-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-36-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-37-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-42-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-41-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-32-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/2584-31-0x000001E7D5570000-0x000001E7D5571000-memory.dmp

Filesize
4KB

Download
memory/3236-0-0x000000007496E000-0x000000007496F000-memory.dmp

Filesize
4KB

Download
memory/3236-1-0x0000000000B00000-0x0000000000BA4000-memory.dmp

Filesize
656KB

Download
memory/3236-2-0x0000000002EC0000-0x0000000002EC6000-memory.dmp

Filesize
24KB

Download
memory/3236-11-0x0000000074960000-0x0000000075110000-memory.dmp

Filesize
7.7MB

Download
memory/3236-12-0x0000000077401000-0x0000000077521000-memory.dmp

Filesize
1.1MB

Download
memory/4312-25-0x0000000009270000-0x00000000092D6000-memory.dmp

Filesize
408KB

Download
memory/4312-17-0x0000000074960000-0x0000000075110000-memory.dmp

Filesize
7.7MB

Download
memory/4312-21-0x0000000008410000-0x000000000844C000-memory.dmp

Filesize
240KB

Download
memory/4312-20-0x00000000083B0000-0x00000000083C2000-memory.dmp

Filesize
72KB

Download
memory/4312-19-0x0000000008460000-0x000000000856A000-memory.dmp

Filesize
1.0MB

Download
memory/4312-18-0x0000000008910000-0x0000000008F28000-memory.dmp

Filesize
6.1MB

Download
memory/4312-16-0x00000000055B0000-0x00000000055BA000-memory.dmp

Filesize
40KB

Download
memory/4312-22-0x0000000008570000-0x00000000085BC000-memory.dmp

Filesize
304KB

Download
memory/4312-15-0x0000000005600000-0x0000000005692000-memory.dmp

Filesize
584KB

Download
memory/4312-14-0x0000000005AE0000-0x0000000006084000-memory.dmp

Filesize
5.6MB

Download
memory/4312-26-0x00000000098E0000-0x0000000009956000-memory.dmp

Filesize
472KB

Download
memory/4312-13-0x0000000074960000-0x0000000075110000-memory.dmp

Filesize
7.7MB

Download
memory/4312-27-0x0000000009880000-0x000000000989E000-memory.dmp

Filesize
120KB

Download
memory/4312-9-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4312-28-0x0000000074960000-0x0000000075110000-memory.dmp

Filesize
7.7MB

Download
memory/4312-29-0x0000000074960000-0x0000000075110000-memory.dmp

Filesize
7.7MB

Download