hxxps://online[.]citi[.]com/US/ag/security-center

Analysis

max time kernel
1800s
max time network
1760s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2023 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://online.citi.com/US/ag/security-center

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133296794563597749"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{3656855B-B3D5-4C2B-BC22-AD856AE024D4}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 4900	2316	chrome.exe	84
PID 2316 wrote to memory of 4900	2316	chrome.exe	84
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 1748	2316	chrome.exe	85
PID 2316 wrote to memory of 3884	2316	chrome.exe	86
PID 2316 wrote to memory of 3884	2316	chrome.exe	86
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87
PID 2316 wrote to memory of 3880	2316	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://online.citi.com/US/ag/security-center
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffade6e9758,0x7ffade6e9768,0x7ffade6e9778
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:2
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4804 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5328 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5308 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5248 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5384 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4876 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6368 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5376 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5548 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5356 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5568 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5204 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5528 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4936 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5632 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5464 --field-trial-handle=1796,i,8678941696809984759,12641117126886734759,131072 /prefetch:1
  2⤵
  PID:2872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\815806a2-c619-4862-b0f9-2c494581eff7.tmp

Filesize
6KB

MD5
e6ed37c4ad02dc68f907dfd1561ab4f8

SHA1
2f1d5ccab14b6b4732113167af25e8789d02683d

SHA256
62f2d8d72afe40355cfa980316e5a9cae90c5015a1131a79368d3132c2ec362b

SHA512
c9ff0c978854b108cf738069410e0db000770e2e7ed1a2ab4f8b82492a7f13a4955bcf4ac383ed63c274d8c5054804751a8aeb2ab1b0797baf94d0777900dce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ea3225fd998d729c1f49f1f2c4a32201

SHA1
f8ceb751b0f4e8309bbd6eb26b491397783aea91

SHA256
700cb824821af00706b31fb6cda74e2027d273d87e80adbcbbc373d18bfd08ad

SHA512
dfc00330b34f1029bcac934ba7313d60f6c29f5b6985112c40fe1698cfbcded2717c46100b9543cfbd88236acddc42b6d51e86026dba4a5e47aaa509339e55a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e706f8547cb6c0e1a730f8651490aa76

SHA1
e1be8c07ed52d802240910b9d2d0303785ff8265

SHA256
064b07a5c44aab6d3a9ac51ec86bfa6cd76ace868241a998c463845242129c9e

SHA512
88afb81a2bb6367f9228552d86a198324912a8e9eca57812719c62a6d3434ac0d549026c55083f6c11fb0963738b3a0888d950689d22df7d89a3f16bc8493cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_h.online-metrix.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_online.citi.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b5d498a02c6d45be810bd37121017cbf

SHA1
c6899f01785e3d34303c508a6a52bd7c8c000dd6

SHA256
681b1acbb41768fc152230797c67f7ec3fc10f09aeb56933d6b900be43bb424e

SHA512
2828ebe4bd9ceb8b1df75298d53ef2fc33578b3f65aea45d8b34b06fba4c026d0eb1cf3dd86ba5070590675d4cbc9b489e33930b26e70b22cc094470de41381e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9f9367d62cb52ed471ec3fc85fc5e18b

SHA1
55ace69eb6efcd45e72a08adcc19f492903fa1cb

SHA256
4d913322ebb6419cfe46719cce697eef323bbb9f75e1fcb8835509fe20540dce

SHA512
ad8c5db8d489f3d273db6c1e2cf207b1154eef0bc4349bc3e89225fcb1a91ded5490c7280e0db6e251ef048897245ef24bd88265dc3572e57a769c7e3f263949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
470a4bdcf6a1980143ccee00bf773fd3

SHA1
33d8161b7bcfb5a10a7378326dbda21fb787982d

SHA256
25296c9b6dfe77548b5592d844d5edc4df16316371edcf1cb121932d493c6e26

SHA512
fbcda198c746a0f3a25a099285f0914615e24987503378b828ad57e443888f20ef6488bf2136e3245deb506490a8a7de347c607e225c66a874d17ac78b28d5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
deb197e0c8b2713c25cb5ddd22a50099

SHA1
c00eb62d47dec9c381b9e2a0d8a92cbf485dfa80

SHA256
0b3a34815aaa6a6cc9bb9d2b738af958817a91a5c282fe0f79fd4d4c7d062340

SHA512
069b5dd325286c039d9d00c21b8f5807e5349fd578414911b49d9c5f29ec294333b7d6ee0700fb41042119bb35914f4924389cd8f41025ca6018c169666ed22e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
abb32c0682e6d82376f2a53be4927084

SHA1
deb00e93ec2ec6905cbb861dfc184c8c1c576c4d

SHA256
1ad7de849c60bbbcaeedc8644bd3889994a9a7bf46fc3989c73ddfc698de5fc0

SHA512
c901f81f8a99d4182392ce7ecea3ddb9a64a5dc45e5310e7ac219794e1f4ff441d25c7d7244c1b2015a04f759a9d09fc7789691ae6126842338871b1b68aff67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
aa9d12c4acff8b4a7a2368335c34a159

SHA1
00b61c179707eb15918f9f9a2924bf025a52dec5

SHA256
f94c7f26e3d333a37f47c7eb118a0ea01d2e6845533ca647408354de90e5ff00

SHA512
5a581943e81af9b68b48be68ff5b198d5fd26309f4c37105008252f1d3a0c6bd8f4ab05c2b9e9caa5a87d7e1ab20fe0ff46d15c6ce21566c3e5fc257ac9bf791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
af44f766d9d8df7d7f0e410506bf3f67

SHA1
b079bad772d8f8875a4f42a425cfc3dd8a2c7beb

SHA256
c2c4a10845d70bb9739ec7aa029000db69d27bfc42734810b359b96b7e01e1d9

SHA512
398a3dc81f269382e43e60ef4946ff945e7ebf2bd67e89ce60ab35622a8fd1e105087ba5c49322a125b66e8851b27d364f41d30addc4bd10110893b0272f00ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e335a40baf0d9834151d6bb3dd9c2360

SHA1
f03c0fdb5537f4c5b28aff4378004368c7f98ee0

SHA256
dd212b321a4b55db079fda47e8dea6abf1c5c41aea09ca1cccf1139b3ad3f8d9

SHA512
4ffa35eba8c70a291b957da543e428d55bdf31ad5f7e2d637d00cb21efdba55630164cb6f7459bc3fd816edab52acd543922b6ce40cb7e9b587e380175e228e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
dd466a199595fde51ec1b472b4aeb084

SHA1
aa9bb6ccde7d398134a2b06b64e5472bda976418

SHA256
fc5837a6f6b0599c2e22aa6c390f0c62bcb4ac9c32963467d3b49039fcd9e206

SHA512
5402ec2570cdfa7d93581fd084f12425c8ef96f99937f320382ba3622872ea1031b675eaed0289984d9207945abe15cabdf6b7419bc055805fd838fe1666f2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f51f5d922792fc176b4f8ffde2635937

SHA1
f99e9d95feb0f0379df7c7ad3553d0f7c735f7ce

SHA256
8a87248922c644137b3e0cf07fb09320290799ff46d6808fdb2811a598b3b9c3

SHA512
301f0d585384d77c4d9091a2bc75325b86b2d5d965470d28141054cb5f89977c40d3d36671db8f6481123689814f50e23afb58095cea2b838c88ad64f74ce801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5a2c3127c2f83d9622e1816e0376c95f

SHA1
d861dd911f42d70e4f4e7939e6422799392c7140

SHA256
75b57815e93f8a772be07325fd39070b03c86e288d1ef8069b1ca79360aea415

SHA512
fa66ac9dc4963e5c6db34396507164aa27f65eacb121ebc1ee7781855797935dfbe6b4659ab4b137a66158146628eb28124a155f8a7a2744cfc8648ab493b9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
195235a8bb12c5e5866402758226bee9

SHA1
83b054593ac9602697c9003fc95133777258c31f

SHA256
a17a4a01633c78bfe9adba504155f59e3ed5c57b67647e13a5898b10df5e1b23

SHA512
8ef2d0c1dfc0a224639556e3f65697de75bf236bc9247a30f8cc40b0ac5f05de51c4509d4deee560e094b407b47e1947d6b428529d634feac0274a1f3f3a9251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5590c6c7df69dffe22d7b579b14c4935

SHA1
f1f5f3367871a9f3b3b8582ec00cdc8ea6aa5af6

SHA256
51c6aa3030a8d9daad135e749ddb95434d03443c68ba6fd1345ba679deb42743

SHA512
36e185aa9c45522e422a392c82d769504a0af8ff99b7784b8e0f56c70f8ef5192560f28cfdfdb30006ebe4e1178e6e2ba5142602935cde1c18ac4fc16dec4362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1a0b2defe81fe2d0bfb565bbd8583e1

SHA1
323df818b2dd6c73ab160839eccbcd0da5eb8540

SHA256
67eb3f4bb58a24114614fd67cb7818f2ca6a8bf9be3149268244a3d9284a5709

SHA512
234c86d32fe49a98ae33aa9d28dcf0f2da988e001ebcb562f6b83547c1175d7d6e768fbdbeb878b76184bf55b95e90ba3e936e23f72a55f35ef45fe1dd6af851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d99f8fef15ca8339bc06c35bb5a541c

SHA1
5c687fb81322b7bb204ef4007507dfbfb2b17f33

SHA256
0edd1b1f07e5284ad81fff2dff4fb9469b7ac8b918a220e4f8994cc7a619b8e7

SHA512
04f939b8dfb518f63daf6182daa2731d93d545d98f9d6d9ab465c325543bd6e61c01902c9b539b9da341047e2690fda2370faae5a80d531bdcf9ed0a8d049c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6543b569789399685728af805c18c941

SHA1
2d5eeb2057ec5736d1e856aad50c649cb291b082

SHA256
333f065295d916f0cc3c8f31d8c7a8c4c06f3f263c987c44f334b9862c238f71

SHA512
d014e967eb54127682984499b5dbeb119bbebbbe8fa63287c7079f8aff6fa02fce36dee26f652b2a2f7c89b56de5809d590abeffe1b64b694906b6d59f2c12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9e30b8ceba7d334f18001f91d14745f8

SHA1
d852e90fed1b6850652117404e086f16fa341414

SHA256
f9f1161ae40bd7519d30c275c021ad9ef3f7bfb71070821f5df0e881c9342eed

SHA512
928fed2dee7f4ef80660e4fe4c17e8e30f02c4d65acc2b0c847ac2b7923d909803623c4e62610f1fe1d3be43c427be7dbd4461ff003d6ffb4d25a1709ee6720a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
2b16f8bd49fb20a1414ac203ad098981

SHA1
7193da6723ab1a469865499dd7547153c0a3db50

SHA256
dcc25e33ba269ab01c9867140ad3d4580691249d27da949c8ffdf8551cb4929a

SHA512
cc746b00ce0d0f06ba0dde84f95755f74b5ca23686e5373ca5a93da448101c8560ef5d2c61a4432cc0a06b7933061a575ee4529a5a4d5d5cc6db4f79688a714b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit