hxxps://workink[.]click/popups?t=fcbdc2d1-36d5-490b-a06a-a9e6f9d39255

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://workink.click/popups?t=fcbdc2d1-36d5-490b-a06a-a9e6f9d39255

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133233779834914598"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4680	4936	chrome.exe	86
PID 4936 wrote to memory of 4680	4936	chrome.exe	86
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4172	4936	chrome.exe	88
PID 4936 wrote to memory of 4132	4936	chrome.exe	89
PID 4936 wrote to memory of 4132	4936	chrome.exe	89
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90
PID 4936 wrote to memory of 1648	4936	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://workink.click/popups?t=fcbdc2d1-36d5-490b-a06a-a9e6f9d39255
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2ea79758,0x7ffc2ea79768,0x7ffc2ea79778
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5400 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3428 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3184 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5452 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5404 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5580 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5576 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5364 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5788 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5092 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6160 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5436 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1584 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5352 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6396 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 --field-trial-handle=1856,i,16084807771056905761,16922122293574384234,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9f73e3df-c950-4b51-a4c5-513f64de41e8.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c2a28f434523503631ac42635a8feef6

SHA1
1c32e7f03783bb84c1d86107cc77b5a17ec68b84

SHA256
884a9d87d04c9bf3cf2dc03686a77210f3a4d515460d44e36d928c9adf8d3dfd

SHA512
d81cdadcfd54a2fc64588618874a77790e8519d8197288a9e4f48fd42d180949904b1f459eb13bfd95b8d0ec1c715ef47e0a7ad3a79a4fbacfb8dffe3bc8bcd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8f8f65e773778a584e4ee02d733509be

SHA1
467600d3f67dd7b4670d17ac317dab6274e0f082

SHA256
c3cc2b5d0b52931e1c49bc323eb81087130b355b0b129049e646c51ee5c8e74b

SHA512
e269358328b6c9fc0aac1c25f716c3d06b3befe8a5e7a655839ef1b4efb8049f245872eed4b77a5caed51e3a5eb1f821f9c235623008857ae6e7c879812016b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
62d9c019ad1b8bcb6ac815f6e0e039ff

SHA1
19b18a7a217caaf30b5081c78af75edafe37963d

SHA256
0b083ba93797d617da97b36970401e627466a0e2bc31af12054dcdb93d050480

SHA512
146c2d3c7e902d7b32a18681f731ab00d14a4ff34fde45ee26d41dc7868169141831ce26c7b454a845b74a5d507ed8fc53098a9df0243ccca4d19ad3476cfabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ee255b7a21a643afcd2bde6c25436eca

SHA1
ee22bb6e600ee5a8955aa82f077cac9f6de1dc5b

SHA256
ba407a1febd1dcb2a7721f886acd2e718e8299fc78cf3cac9e8e5b44ee928b5d

SHA512
cc716d03bb2d36f60d860e2b19845b416214e128257111d1c674ed21b4a15744916f45f291bb63a258a425858c674173ea591a55745ba9a259603e81eac67428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6acce87dc4a83d01abad79de058938d

SHA1
ad250dac8d5e4ef24dc68c78c8ed6c4d16701cd1

SHA256
167e846257034ac4654ade97756498fc8e0166f203660f68e5ca2cc5f3c79fd7

SHA512
07a8d116b6c737f480f603e3d008318ab2b5cf18f9eb0ee7f8e2d71b37c1dc10438a5467a009254d05a7419260f30dd136c3904205e9318415195636121954a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c144497c32a53183987a5416b70bb965

SHA1
6e65cc7a37bc087b3e02553e4547b82ab623da3b

SHA256
ad3da2c8d537aa87c69db6706cb7e4cd970bedefbef82bbeb6523a1e24597fcf

SHA512
acfd957d520679c15e09955ad918c89b8ffd35ba20b57f5e0c5e2fb42818b8142feedb7aa39603c35eeaef7d2f2fd3e28a149566711f9af222c9839c1f3e3a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c2504c26376c52660957e6c3f886bf32

SHA1
c8b8cca93a29efbc1f6f9705467d078f3905e8f5

SHA256
2993bfd37bd97135c7be89df6b5789adc8d96160da8ce58411b2592989ffb6ba

SHA512
7f61e70437565109811d20855f9d6a14da89740146d28d2fb89baf534a5339bcb9f0110ea663bbabfd3d94b85d5f4bb05688d5573443e17212b67938727f73fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a285d03f285e62fc3ecaee365583cea

SHA1
7560b41d769a0ff581267b0857e28ca015f5e62b

SHA256
2499d7c5ac1112515f8b543cc61dfbd62caefcbf3eb951637ed947ab8a5a3c3e

SHA512
3bf4e122dd3570c0ee96fb428c9076bad9df4cf03cbda586b2a6afd5f5b4af03ba9b6f68b4b06bcff15991b0bddfc3f9cc92c4329ed92d56c9dfb389e8e7093e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
24c7ce9dca370aaf7e65fdd18e48eaea

SHA1
14e229f5a0f5dbd30e630de4f44a63e1812fa88b

SHA256
14c151ee6fda459ce9dd74695de57e79e182cad7ddcbbbe80a27053b271b8060

SHA512
ed9c46be377ee1deee5e23ffb39a1047eb05ae51db90d249ccaed83eb8342c8408b425059433e426a5549fdf22c5af1dc1e661ce33083971b9d3bcb6e4f5b661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ced677eca11a5978921c1fe30396f1c

SHA1
a6ea47e089d43deb784d6fccdda295a352d35d43

SHA256
4997fe4aedc0f59a3d2e420fdb1e357e1865db6e166da3e2d5e3886cd5402755

SHA512
136ecc761e49c1bbc255d249578bf36d4361b3ed0d80c1dbd550822d14a4ebb1202609ec5a044e31a2cae857a2fcdbc66f95d41d4791f15320cf6eb375bc3f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ff3c5ba5589c63e23aaf67a5409cbb23

SHA1
731c85476968ac426b56657b646068465a8ae60c

SHA256
f1f477c30c5713f9ec39128a6ea9a406ad88d875a5ca3355460f752ceaf7745b

SHA512
034724c8c7658aef206f9c7676a5f429002305288a446d0863985a421615fed63a90a8d2b3ca17a6e64a7773a15122fcec3aa2651bfd2773e23ce48e3a8de9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
9277af769b02aeffc83aab559f1b4c65

SHA1
22b34fd46de08380aa557315339a29e336b72a29

SHA256
91fb822c5893c3b80b4be27e252d4e67847cfd774511d5de2572b67031f1c25f

SHA512
966594e944637387e707279fac3f3dbda46440b0b7db16c50bd09db650e6578934af27ddefb0b99147c8b42f10ed31cc6d43397615c4e8de81a9bb1e889fa6d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
f5b7c7bef18cd933751f94a3b3ebb98d

SHA1
a3fc3a277abc205281ae1708e5596b33fc3a30ba

SHA256
fe56f2dfe99518de4d698137326c3ff387cd44d031dd461af3a1fbfe8c32e800

SHA512
13d74e40f6d2a6b6a816477a193e0f2020ec8fbfecb851f19e1824a6c4b3ef93e7cf1b05fa6af92673fbb9737d9a809ef10d4d6baae7f831d36601ff7bc72f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
090523b0eb02b288077db5fbd439303a

SHA1
c75a5f7682f39d01d0c235e2e09dc23a83b09698

SHA256
86bdb0df4ccd1130be80db3c318096b6a45ff240f232d21e80a540946c8bafad

SHA512
0075e6b11113e57feb4f93b4a6bf3397a2be4104ba7495e969bdfb29edb83b5f6c08bc7369556fbe8f14b9bac4692612d83cc2f1d1b4cf17f76b14e97148428b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
efca614b134282436e10ac711e59aa83

SHA1
adcded4c8eca45fe51f676316a9fc051e59dbf77

SHA256
fa6f4a333e7b711911b0c7a4c8be12614fa369d3c52b9568ff5bfff228464ecd

SHA512
7bd2c24768c9becb1f302420b91d5d7f1a8883c1f9a0b5b5d77e08a1ba77edd8930f0ef9eb99b5ce9e1de670dbb4ce25d59272232d72b240f5a08b45e7298711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
7b08dbb67b95b46aae51fba604ccad60

SHA1
a6b500b6a63f4b7d1f89ca31321cf8ea1e0c5e30

SHA256
c1f90d6d9e9dfb345fc4b121da10f2b8084e278e02d702d20b24ca9416d3829d

SHA512
c6addf7ee2c737d4463bc99e90bf3f5483949aa86668bd806a04cebaef77d3ee429326246c92f7b66bb68ebc02ee23f1ac57ead67e7b2fe5fb8225561ac5a327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
c9109204358f7b4ae26db26d8b6e7d22

SHA1
29e3b8fa60b08a5948f149c7b0b2be254879a798

SHA256
226e12ee3245c5bb357976b5c143b3998f286328d34863ecfcad703f01b0d2e5

SHA512
39e2690e3837bc675d84c2180ccb43f2b97d812b1c9f840b92298ae1052218b05eae85d0d751d6cc12311846b7892a970987256bbce5eb587dc1b6e01f365fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
196bed120e28b4d230189359525407d4

SHA1
7407e2301299c2de5b9424e61008be769fed16f2

SHA256
aed9f8f0ff7059b61e6da4eaa142157030fda58eb95e0a4b70bcd4b8d4f1e959

SHA512
c7235cc3412513380fe716bc289569da652911f9e2bf549cacd1ec8786ac915108499e0bed3a6b09460e3726e0af34042ce2eb515afde76918fd633886980e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe571ccf.TMP

Filesize
101KB

MD5
61b9f6d21351b895e8c8fef1382b8f64

SHA1
50ed117e4443c306062b95a3930a899fce484fc1

SHA256
09df8427d4f814eceb976539d7301949be06850adcd802176631f866afe85445

SHA512
40962e3b78ffd779d2b96bde7185b29547b5f787d820b0aa157dc5682dfdcfe8c9433f5bfacf63be0eea09d38a5ae9d456411a9d9358cf490d337edea351348f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 308590.crdownload

Filesize
1.4MB

MD5
7f5ff592b91e28a827303ad81a381f35

SHA1
2f840eda2b3e0c409b3dbd00fcdc68565f861162

SHA256
5b3419ae552d690414c96c0c984bdc4236e4d8c33c2aad61b796ed9ba734a594

SHA512
311c86d47fbd7b2e078aa4c6d5d8a8c3feaabcceb360e56cf82c7e5a3c42107c1c9fbddfd1b9b7e602811869e881b82edf03a68ac3ae64061aafcb70db95cfe9

Download Submit