Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
5Static
static
3ch/Cheat Engine.exe
windows7-x64
5ch/Cheat Engine.exe
windows10-2004-x64
5ch/CheatEngine.chm
windows7-x64
1ch/CheatEngine.chm
windows10-2004-x64
1ch/DotNetD...32.exe
windows7-x64
1ch/DotNetD...32.exe
windows10-2004-x64
1ch/DotNetD...64.exe
windows7-x64
1ch/DotNetD...64.exe
windows10-2004-x64
1ch/libipt-32.dll
windows7-x64
1ch/libipt-32.dll
windows10-2004-x64
3ch/libipt-64.dll
windows7-x64
1ch/libipt-64.dll
windows10-2004-x64
1ch/libmikmod32.dll
windows7-x64
1ch/libmikmod32.dll
windows10-2004-x64
1ch/libmikmod64.dll
windows7-x64
1ch/libmikmod64.dll
windows10-2004-x64
1ch/lua53-32.dll
windows7-x64
3ch/lua53-32.dll
windows10-2004-x64
3ch/lua53-64.dll
windows7-x64
1ch/lua53-64.dll
windows10-2004-x64
1ch/luaclient-i386.dll
windows7-x64
3ch/luaclient-i386.dll
windows10-2004-x64
3ch/luaclie...64.dll
windows7-x64
1ch/luaclie...64.dll
windows10-2004-x64
1ch/plugins...ple.js
windows7-x64
3ch/plugins...ple.js
windows10-2004-x64
3ch/plugins...orm.js
windows7-x64
3ch/plugins...orm.js
windows10-2004-x64
3ch/plugins...rm.vbs
windows7-x64
1ch/plugins...rm.vbs
windows10-2004-x64
1ch/plugins...le.dll
windows7-x64
1ch/plugins...le.dll
windows10-2004-x64
1Analysis
-
max time kernel
300s -
max time network
311s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-es -
resource tags
arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows -
submitted
05/07/2024, 14:11
Static task
static1
Behavioral task
behavioral1
Sample
ch/Cheat Engine.exe
Resource
win7-20240221-es
windows7-x64
Behavioral task
behavioral2
Sample
ch/Cheat Engine.exe
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral3
Sample
ch/CheatEngine.chm
Resource
win7-20240508-es
windows7-x64
Behavioral task
behavioral4
Sample
ch/CheatEngine.chm
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral5
Sample
ch/DotNetDataCollector32.exe
Resource
win7-20240419-es
windows7-x64
Behavioral task
behavioral6
Sample
ch/DotNetDataCollector32.exe
Resource
win10v2004-20240508-es
windows10-2004-x64
Behavioral task
behavioral7
Sample
ch/DotNetDataCollector64.exe
Resource
win7-20240704-es
windows7-x64
Behavioral task
behavioral8
Sample
ch/DotNetDataCollector64.exe
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral9
Sample
ch/libipt-32.dll
Resource
win7-20240508-es
windows7-x64
Behavioral task
behavioral10
Sample
ch/libipt-32.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral11
Sample
ch/libipt-64.dll
Resource
win7-20240704-es
windows7-x64
Behavioral task
behavioral12
Sample
ch/libipt-64.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral13
Sample
ch/libmikmod32.dll
Resource
win7-20240221-es
windows7-x64
Behavioral task
behavioral14
Sample
ch/libmikmod32.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral15
Sample
ch/libmikmod64.dll
Resource
win7-20240508-es
windows7-x64
Behavioral task
behavioral16
Sample
ch/libmikmod64.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral17
Sample
ch/lua53-32.dll
Resource
win7-20240508-es
windows7-x64
Behavioral task
behavioral18
Sample
ch/lua53-32.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral19
Sample
ch/lua53-64.dll
Resource
win7-20240419-es
windows7-x64
Behavioral task
behavioral20
Sample
ch/lua53-64.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral21
Sample
ch/luaclient-i386.dll
Resource
win7-20240704-es
windows7-x64
Behavioral task
behavioral22
Sample
ch/luaclient-i386.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral23
Sample
ch/luaclient-x86_64.dll
Resource
win7-20240704-es
windows7-x64
Behavioral task
behavioral24
Sample
ch/luaclient-x86_64.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral25
Sample
ch/plugins/c# template/CEPluginLibrary/PluginExample.js
Resource
win7-20240508-es
windows7-x64
Behavioral task
behavioral26
Sample
ch/plugins/c# template/CEPluginLibrary/PluginExample.js
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral27
Sample
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.js
Resource
win7-20240705-es
windows7-x64
Behavioral task
behavioral28
Sample
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.js
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral29
Sample
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.vbs
Resource
win7-20240221-es
windows7-x64
Behavioral task
behavioral30
Sample
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.vbs
Resource
win10v2004-20240704-es
windows10-2004-x64
Behavioral task
behavioral31
Sample
ch/plugins/c# template/CEPluginLibrary/bin/Release/CEPluginExample.dll
Resource
win7-20240705-es
windows7-x64
Behavioral task
behavioral32
Sample
ch/plugins/c# template/CEPluginLibrary/bin/Release/CEPluginExample.dll
Resource
win10v2004-20240704-es
windows10-2004-x64
General
-
Target
ch/CheatEngine.chm
-
Size
299KB
-
MD5
bb80fec3b6e843b61859914480706cd9
-
SHA1
0ced874bee5bda6059b5195911aa117693d9d2de
-
SHA256
2d52f9d59211f8906ace16525721b1400343bdf720f062cf111d84089f129009
-
SHA512
78d8a024dabd111b59beea4dc21150c7fbb3a6924201d2f3ff9e720e4bbc967bbff285ba2064bc35c260ffde433c639fdc0252c47ae29b43398117eda21cf648
-
SSDEEP
6144:/UuFqUYSsTDiKebI7F03RPf2rB84daXcXrcURJo8tGgqQdB5+cbsQe/zQXE9LA2:tFhYSsnl0I7FG8S4daC/RGg1bnerQILf
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1444 chrome.exe 1444 chrome.exe 464 chrome.exe 464 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid Process 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe Token: SeShutdownPrivilege 1444 chrome.exe Token: SeCreatePagefilePrivilege 1444 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe 1444 chrome.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1080 hh.exe 1080 hh.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1444 wrote to memory of 624 1444 chrome.exe 91 PID 1444 wrote to memory of 624 1444 chrome.exe 91 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 1012 1444 chrome.exe 92 PID 1444 wrote to memory of 3060 1444 chrome.exe 93 PID 1444 wrote to memory of 3060 1444 chrome.exe 93 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94 PID 1444 wrote to memory of 3988 1444 chrome.exe 94
Processes
-
C:\Windows\hh.exe"C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\ch\CheatEngine.chm1⤵
- Suspicious use of SetWindowsHookEx
PID:1080
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2528
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa0e4aab58,0x7ffa0e4aab68,0x7ffa0e4aab782⤵PID:624
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:22⤵PID:1012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:82⤵PID:3060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:82⤵PID:3988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:12⤵PID:4580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:12⤵PID:4108
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3676 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:12⤵PID:3052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:82⤵PID:4824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:82⤵PID:1004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:82⤵PID:3836
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level2⤵PID:4992
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7463aae48,0x7ff7463aae58,0x7ff7463aae683⤵PID:4640
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4880 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:12⤵PID:64
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 --field-trial-handle=1372,i,9144042348828000769,5992910005593516475,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:464
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:2392
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
211KB
MD5151fb811968eaf8efb840908b89dc9d4
SHA17ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA51283aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
-
Filesize
168B
MD5e1d0d2e4a8b09226ff02e3e2da4bf5e6
SHA16384fd50ba4caf96d8cab42e555c79636749bdca
SHA2563897ec59721f7b2a1566747243d474e0a93aa761a0564cc348825538c2f454db
SHA512cd7548e31802de5c04f4a168e74a3c3b8a753df2bb9cbc4dab18cf84ec89133add006e6e33b0540163b6a8f813f17e332692b63838833c33133650379815f324
-
Filesize
1KB
MD5889ae08976f15e4d7d65d303796c6235
SHA138bf00a9594b69da4643ca59ffb9b0bc78dbfaa6
SHA2566a61729545928a221f13a6aaa90ed4202294244bf641764d0135d3074dd3dc64
SHA512ea30ed156741282822abbb3dc0b650531f6548fd630f714fe3be206203161e25606a21346761d8a8d540d7e58fa2a464b49ef3c808d49d255f8d883992536120
-
Filesize
2KB
MD561a78237cfb319dc567beb927e2d8951
SHA18be58914ed3b41e4108353b3f5fd4122f2a0d9f7
SHA256a795f82d7451c93e45396da000f85f0cae45a6bb64fd3045fa96110136232fd6
SHA512dff82b39dc839b51b825f467479087f169c8fcbef40ebcfd1bebfb0e058a0422b1a99a0a833f07cdc69608654047a2da3ff334fe329f5ddae70e503412b5c16a
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
354B
MD5178543d2e15946f40a9b23ec90b8c49e
SHA117356caf87a8095c99ea679ab34c380a3b386c3b
SHA2569c4b563abbf1c50658099659bbdf71c3563ba97b10d21b5a11e360dc7ce00ef3
SHA5125b1388a1d2f8ebaa230e07c5e97bf5b5d61cd034cffe5ec09bab21c1adeb6111703ab20988c4c056be38a085d73c497e4d8633d1900d61a2d73811d70e8a94af
-
Filesize
6KB
MD5aab0867220a934a560e04443ed0ac931
SHA1b8b8f292b68282e53ca306577e8730312fa263eb
SHA2564ea41870c07aa99bdf35dfa5d79d31f7be78de530483ecd016f6e1e1bc7920ca
SHA512dba6b7c8e842600adb659915be399f557262da76160bd01b3f44bca6048e787bad920a70788cc133770109808a7b5ed249583755c0a6aeeb090f5c5a6da5a7de
-
Filesize
16KB
MD51e96e1023b593b6d9f26ee08a9689b15
SHA1360c5dd37a29f5b6ea3151177132e4f49cf0f837
SHA2567751e09f974ea3620c1709f383a99dbdb3d01acf6d1e5e0dc178f29783865f0c
SHA51230a4aba27aad47869af4a61b82b07e2e4574134f406387bf06ae7eeba25a1e571f4b9aec6a2ee78c30fe382e79244a99cd0bf3e1048ec26c6fdfcc632ba67ebb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b259e470-59d8-4c07-a289-4b4fabf963f3.tmp
Filesize6KB
MD5665355ce127bdcd5adf8e20454ff739b
SHA1b244576dc87db0fb06e2bc2c0a53ad6fd36c2ad6
SHA25649135ee2b2f011a770b0cfa30f564353998d4dfe95f32a520232ee582c3dacfb
SHA5126cc01e57711451d76a5ced7319724afb3a34abf244b41506867b611d15bd98c98d4bf69fc6b8b8261938f8481524f186aacc7f8f75c7e9396a02b14018fb4176
-
Filesize
285KB
MD50cabf5718a3762477185b09a89bb1b0f
SHA1c02565cfef1b974ef66dc0da4755f421e621e3ee
SHA2566536570e75d424ab171d5dbd7b144a637b6c4bc2560096a8f6882c0f96a568b9
SHA512de9f7d0f5b22b9d5a419ee462e5defe1a730227eb81c238a336300f7cf81c669d2fdf9c3fba3fc60d4189cc65517a9e968c3154535c950617efe83401ef8b33d