hxxp://click[.]hindawi[.]com/ls/click?upn=2MhHR0bK-2B28eLVqQdfvHVRi6eycWlS2ccrwtLrHVijcqzSg7jPBK0kAwMAZDm3giPZsCkTywYsFW5w3yD15rdIyDZGffSTj8ba1kH2Znv0hDHab4rcQsuuRg6Z6-2FJI-2BGcFRIRPhP1RacHSQ-2B9-2FxbdlSce6m3fvTHpRbc1VjxL0IuJEnFfEBfg51v6ccdsF-2Fali7A_e-2F4foP31I90jWdTSxLy20kG9Kryay67Nmj0u3pB0qdEK5LIqHjJr0jNWbCG8ffbQkiUPSxwDNqqPO6FNUrY4XkTzJsu1DF7wZHoa5FmwTIaAfWgAfi5Is6KL0-2FeTcXwdniiTQiM7AO1-2FeqEhnlx01zqTrV4u-2By6nMTvuDex8HpnZZ5AoKLQ7Zsz2W90Yls-2BzBZV8QTYi5yNiCZfT5OHs1xIhBaiV-2BBzj4t1eMSV6Jzvxz1ap11smTdhy639j6SsiJhjuO-2FoUSSnur75SdO-2FMSs61bKTGdcPwtjF-2FQ6zjnsqjtKulqKEWh-2BCLJ2J45BKO1DSVQV7B-2Bh-2BsKUfk0l50joVsvkAtSCH2GBy1Vi2GM1uZV4ViVAqHfI-2FaWlzxUa22-2B2VN-2FCLrnWDjrEeWA7TpKw-3D-3D

Analysis

max time kernel
35s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://click.hindawi.com/ls/click?upn=2MhHR0bK-2B28eLVqQdfvHVRi6eycWlS2ccrwtLrHVijcqzSg7jPBK0kAwMAZDm3giPZsCkTywYsFW5w3yD15rdIyDZGffSTj8ba1kH2Znv0hDHab4rcQsuuRg6Z6-2FJI-2BGcFRIRPhP1RacHSQ-2B9-2FxbdlSce6m3fvTHpRbc1VjxL0IuJEnFfEBfg51v6ccdsF-2Fali7A_e-2F4foP31I90jWdTSxLy20kG9Kryay67Nmj0u3pB0qdEK5LIqHjJr0jNWbCG8ffbQkiUPSxwDNqqPO6FNUrY4XkTzJsu1DF7wZHoa5FmwTIaAfWgAfi5Is6KL0-2FeTcXwdniiTQiM7AO1-2FeqEhnlx01zqTrV4u-2By6nMTvuDex8HpnZZ5AoKLQ7Zsz2W90Yls-2BzBZV8QTYi5yNiCZfT5OHs1xIhBaiV-2BBzj4t1eMSV6Jzvxz1ap11smTdhy639j6SsiJhjuO-2FoUSSnur75SdO-2FMSs61bKTGdcPwtjF-2FQ6zjnsqjtKulqKEWh-2BCLJ2J45BKO1DSVQV7B-2Bh-2BsKUfk0l50joVsvkAtSCH2GBy1Vi2GM1uZV4ViVAqHfI-2FaWlzxUa22-2B2VN-2FCLrnWDjrEeWA7TpKw-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324373610941028"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 4612	2464	chrome.exe	83
PID 2464 wrote to memory of 4612	2464	chrome.exe	83
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 5116	2464	chrome.exe	84
PID 2464 wrote to memory of 4888	2464	chrome.exe	85
PID 2464 wrote to memory of 4888	2464	chrome.exe	85
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86
PID 2464 wrote to memory of 1588	2464	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://click.hindawi.com/ls/click?upn=2MhHR0bK-2B28eLVqQdfvHVRi6eycWlS2ccrwtLrHVijcqzSg7jPBK0kAwMAZDm3giPZsCkTywYsFW5w3yD15rdIyDZGffSTj8ba1kH2Znv0hDHab4rcQsuuRg6Z6-2FJI-2BGcFRIRPhP1RacHSQ-2B9-2FxbdlSce6m3fvTHpRbc1VjxL0IuJEnFfEBfg51v6ccdsF-2Fali7A_e-2F4foP31I90jWdTSxLy20kG9Kryay67Nmj0u3pB0qdEK5LIqHjJr0jNWbCG8ffbQkiUPSxwDNqqPO6FNUrY4XkTzJsu1DF7wZHoa5FmwTIaAfWgAfi5Is6KL0-2FeTcXwdniiTQiM7AO1-2FeqEhnlx01zqTrV4u-2By6nMTvuDex8HpnZZ5AoKLQ7Zsz2W90Yls-2BzBZV8QTYi5yNiCZfT5OHs1xIhBaiV-2BBzj4t1eMSV6Jzvxz1ap11smTdhy639j6SsiJhjuO-2FoUSSnur75SdO-2FMSs61bKTGdcPwtjF-2FQ6zjnsqjtKulqKEWh-2BCLJ2J45BKO1DSVQV7B-2Bh-2BsKUfk0l50joVsvkAtSCH2GBy1Vi2GM1uZV4ViVAqHfI-2FaWlzxUa22-2B2VN-2FCLrnWDjrEeWA7TpKw-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb003b9758,0x7ffb003b9768,0x7ffb003b9778
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3152 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3500 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5400 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3284 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5636 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5712 --field-trial-handle=1784,i,3870315848435812942,2058368192489548716,131072 /prefetch:1
  2⤵
  PID:1524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c5546d69d0b13e8afa3f7c8d094ae7bb

SHA1
cc2996aacb3178e6c2302d384a0a21caa33dae94

SHA256
f55713c9f44cf9cca846072af88b0cb4be77c9824752e760338586a9e9405b65

SHA512
1772c171c501b0aeb8df8cc1a5f500c1636b76f179c115e8f253dd80788b651e385b8808e0578e145373b79e5f2a2c16f8bbf630e030b14f797513c708698f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6df84d0e498f499934e486562a75ea4f

SHA1
b7116e31803663e58310b2bb59fc724abb09c481

SHA256
95688afa11f2e7db5dc6cc32da5d116ae4c433b696325680844fe4f7f5dabaf6

SHA512
9994d64cecefca7afe0295e7a01c6c33c0054518bf57ed1ec8424630a529a184cd9aa65784752e157410b7015758f0da4b46f934bc019809be5276bb0802285f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
809e9d9c3e51b55cdec0afa08417b300

SHA1
f5958ea0e706c2ed3454f0585f234018be48b19c

SHA256
2636e66103fe31959a47e7bf26314329be40212bf29e1352616d82aa65afb689

SHA512
6ff6e25dacc3805ab6e9c5741802aaebf5cd702366acab5a240080842990eef844cd13bf49b0a7438d733746d7646dd673b8294db24d14560a8c13489fc06985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68eeb87fb878636753e0ac4cebaab0b9

SHA1
7cbd4f542488b3d6de86d0695dcf810bd06b6df2

SHA256
490e2e09e9d2b94c46860dd32c6bf2c92eff83e2c6fb675d7bf1f30a5eb8e64f

SHA512
d38bcbc3628120e73c8703e75e7a3842736787ef369b83c5783bd3439eca384a674f205095285a35c0ecac8763ae9eceba56be6694204b5ebc3d3b75bfc37fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a5b3257e4848bf289c91206318ff07b7

SHA1
268e307e9b2e0bed20ce4679dc4c011102070dd1

SHA256
38024b8c07c57b274eeb8d09b407d3909ba414ee1b9eb0baa8565ad291d666b0

SHA512
d565d9437d49a3bdab07db9f9f293fb3f1edde76839dcea50bbf19206080daaddee126bdc02ab48e2c069a93f025a1ec259322ab44d0097c558433c220a29496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
eb7562deacfafe026208dbd034c562d2

SHA1
2cb68143564f250443300750a1d364a19473070c

SHA256
4539dbf8291480cc5c7e104223d0e33bdafae9bb3e7f1fd52b05523d4dfde35a

SHA512
9121cfe52bc79e539206b1da2682cf314f4593b1a69a29b1034c7a31e0f663fb30af855cdad2179b0d8a05250467f7574c699897cb794443983d7d2290175a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
d2e1dfaa7d2924cf9927f7a42598053e

SHA1
ad086a8a13dfbc29f09d55db169e68c3a79e7380

SHA256
24330272783c708af125d45eec109f6f005cf59389938ed954630aa253575258

SHA512
087f4eebcff4ce99e9fdef95c22020810b5e7705f9ad2ff19dd0879d978ffd63bdab3f65debde9d8954228810d6352e60d6abf16412393c90f47b9addbbafde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit