hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fc[.]apple[.]com%2fr%3fv%3d2%26a%3dLFGBuluglt%252BfjzVMkbjDFBKhFJoKZoXNAnTNLWAfZ9oQGFsfjHgTkeNFvhoKZkXrKno6mrUgpXOpRF544sdDVp1YkEsnwyV7hl1u7YiF1M811ySmKKJmbjsYodCS%252FZYwYSFqGlG30NHXUKqWtf8aFdnU8QXguTodST3i79323LcVpsv0Nz27VPQq6510%252FxOzQzwridLWqagX6SRF0ksNDxOkuHQEvzQqmTqRGs5k87stbljnnpz4d2iTmZbhR0uzu78VvObTlcfalhqcAL%252FlJjWnQRsjuda0NrMLFf%252BSqdJdM9DDvPdF8Hz8x7Wl7qzMPrdK%252Bzl77d0FMBpMYDMZIN7qRX9jA3SzsVJ6vvOE9%252BBbj8H0A9UsiIl0464Gttzuot%252BOcbx3NR8HtVrfDTgP8MzgPUgHIOfV90X13oDNeUNtjqGR6ioxMUX6H2F5soU4lCJtZXKEKHo2lzvRfQpWCcLgDGBF0C3qRkMHsuylksJx5XT%252BcElTP4eBapPqm%252F99&umid=5729e642-1a83-468f-aeea-d56c6ec30618&auth=663c9af02b28e622c0295e1568a206100d47dd90-80f4a2b5ad2056209de27e3d92cebbe03248d0a6

Analysis

max time kernel
150s
max time network
146s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2023, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fc.apple.com%2fr%3fv%3d2%26a%3dLFGBuluglt%252BfjzVMkbjDFBKhFJoKZoXNAnTNLWAfZ9oQGFsfjHgTkeNFvhoKZkXrKno6mrUgpXOpRF544sdDVp1YkEsnwyV7hl1u7YiF1M811ySmKKJmbjsYodCS%252FZYwYSFqGlG30NHXUKqWtf8aFdnU8QXguTodST3i79323LcVpsv0Nz27VPQq6510%252FxOzQzwridLWqagX6SRF0ksNDxOkuHQEvzQqmTqRGs5k87stbljnnpz4d2iTmZbhR0uzu78VvObTlcfalhqcAL%252FlJjWnQRsjuda0NrMLFf%252BSqdJdM9DDvPdF8Hz8x7Wl7qzMPrdK%252Bzl77d0FMBpMYDMZIN7qRX9jA3SzsVJ6vvOE9%252BBbj8H0A9UsiIl0464Gttzuot%252BOcbx3NR8HtVrfDTgP8MzgPUgHIOfV90X13oDNeUNtjqGR6ioxMUX6H2F5soU4lCJtZXKEKHo2lzvRfQpWCcLgDGBF0C3qRkMHsuylksJx5XT%252BcElTP4eBapPqm%252F99&umid=5729e642-1a83-468f-aeea-d56c6ec30618&auth=663c9af02b28e622c0295e1568a206100d47dd90-80f4a2b5ad2056209de27e3d92cebbe03248d0a6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337163928266503"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 1844	4048	chrome.exe	69
PID 4048 wrote to memory of 1844	4048	chrome.exe	69
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 240	4048	chrome.exe	72
PID 4048 wrote to memory of 3768	4048	chrome.exe	71
PID 4048 wrote to memory of 3768	4048	chrome.exe	71
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73
PID 4048 wrote to memory of 4304	4048	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fc.apple.com%2fr%3fv%3d2%26a%3dLFGBuluglt%252BfjzVMkbjDFBKhFJoKZoXNAnTNLWAfZ9oQGFsfjHgTkeNFvhoKZkXrKno6mrUgpXOpRF544sdDVp1YkEsnwyV7hl1u7YiF1M811ySmKKJmbjsYodCS%252FZYwYSFqGlG30NHXUKqWtf8aFdnU8QXguTodST3i79323LcVpsv0Nz27VPQq6510%252FxOzQzwridLWqagX6SRF0ksNDxOkuHQEvzQqmTqRGs5k87stbljnnpz4d2iTmZbhR0uzu78VvObTlcfalhqcAL%252FlJjWnQRsjuda0NrMLFf%252BSqdJdM9DDvPdF8Hz8x7Wl7qzMPrdK%252Bzl77d0FMBpMYDMZIN7qRX9jA3SzsVJ6vvOE9%252BBbj8H0A9UsiIl0464Gttzuot%252BOcbx3NR8HtVrfDTgP8MzgPUgHIOfV90X13oDNeUNtjqGR6ioxMUX6H2F5soU4lCJtZXKEKHo2lzvRfQpWCcLgDGBF0C3qRkMHsuylksJx5XT%252BcElTP4eBapPqm%252F99&umid=5729e642-1a83-468f-aeea-d56c6ec30618&auth=663c9af02b28e622c0295e1568a206100d47dd90-80f4a2b5ad2056209de27e3d92cebbe03248d0a6
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb81b29758,0x7ffb81b29768,0x7ffb81b29778
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:2
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1800 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3900 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4728 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5288 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5200 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5096 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5424 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5696 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5400 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6172 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6076 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6132 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5172 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5988 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3168 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3644 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 --field-trial-handle=1868,i,4365744419315129781,8157935408632279242,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
03270f5f7df3c20730cc49fd99c36d3c

SHA1
c0dcc3f9fc6718fa29f5c48a1873ac33176850d4

SHA256
b9c1c2265f1349a43612c2d1b98512c617add394eb9b928562a3e151891a0ead

SHA512
fe050c12905aab225b6c0ac2fb6483069967bb978d09a124909b316d740b13590b5df1ecdf065c099000c4b893817a25f7229ebcd943dc19baf9e7c162095c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12026099301fab15f57dd1ddef3a72ca

SHA1
484dee8c122a2b87ee9c5e33e87258472dcfb963

SHA256
d335ddb365a0e6b7a97df35d43b4ff04f0d78c9c8bd3adb98403e3f37f207b37

SHA512
8b0590dc9ead2434170060258c9e495cd05a384c45ae3aba343091f7223c05ad147896ef7adf82bb2f6541a069f00495c760b1cd8b6c95fa69f7714324636ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9612de77a243f1aa68a6ccea0180f1df

SHA1
fcaf15c25a0e361558aa055ed3bb8fd7e5e327be

SHA256
48e9abe8cac00f67acc3c0a03ade3fa5cd77345991887cb57e98fb28156356f1

SHA512
8d6d8da02eeae240648e2703b2b6a033287195140a216a094a4a790c5a92779f1e4bdcf33f53bd1a38d6357df83b4f822c6841327a29e0c1103b8d81782d3a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bc02092315fd57ca16ee6477d8cc179

SHA1
3c99e8b39a1fb7d27eec95ce86e86cb9dba77607

SHA256
81b3fc8bd3da7cfa4fe3fb1ffffc5122c643bf676c6a4e22c080cb68cf24aaee

SHA512
c3aaea0f159bdb9d98f1f97efe50aa3fd7568bf011feda7ab050a2376809d45bf247e8d9f2eb013a6efc8ec231e93c8d3afd1af63fce37a27edc267550063bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b5e34b3c40e1fdca54dc96c69189cf8

SHA1
293ae97b428f3173b82902d063c950bd395ef196

SHA256
b6bbb08e4066ebe7127c73720b1e2d0608e027ea32035a2dbc950ae24f1905ea

SHA512
98fffba3de63aa02c7f9963298a829746e247c4fc6f66bbb81a4db4d8a88f3a06aaeaac2f12c1f8c5cbe2f320d72293ec6fc242aea7ae2c73a17a98a9b6fabc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ce89c31083aed851772228e7be264635

SHA1
43327325f1309bdf8c0a0f7cde564d55f846076c

SHA256
a93bc3c912cdabb43e2b31251312a4ea8601e423095af2b05fb524f85e891a6d

SHA512
f016d834c065fbe5c97eabcadfce1fa03595ea74f2201b36c74fab20b3f68eef7c7e00ded46293221a1d462de5bb69eadd76a613e180044cdcc7fbc01165cc37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e94cb23ee0ee92990112b5e0630da50

SHA1
c22bb2f9570f74e83d3f2200774d9181821e4e82

SHA256
66f3bc0998cf934cf645904fb92333a50ef0e13c620b7535195b4213414cfe55

SHA512
f10275651c17294162f2396b86eb3a341b3ada95d0f9b1b4dc642d0b91686724fdd0a5940a5b5cb5398ea4de0fdb73cf3eaa206ca69c27f7f73884acf8aef60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c169ce0c8fab07f4e858f3d651e00193

SHA1
ee4646e0a67fe3d680af88fb4a6f4000d3d48a18

SHA256
54cf2135a1dd9d1c297d6bf7578c46832f1cbc0c9c68873923a3d94999906e0b

SHA512
0b0e9c23aba98d8b4e4ecde72e13f1adf0fecd9f94a38265824f86e6c53abe679b226eace272313e4437fec9985d9314cdaba509c438b1950ecf8d8a78dff4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
627fe1e0344550115c9c366833a57ce5

SHA1
5398fde45d52adcf86e088391cfc8b5b475a14fd

SHA256
ecd70dca7b175a38d14bb0e252862743b0e8faebcc3c4703a7949376f52ac984

SHA512
43bd54e7835454d41edd9068d1d9eae7a0466862fd3a77d73b0ae1867442a5e3e58b37bcc4ad354781add84b9166e4470c708751ebd9dc30d2ace297931e8198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
e1fb34622ab5ca93b481c5d9743ea911

SHA1
90b4b3ae55aa4d878e294a22cff850b4d377a4e2

SHA256
97eebcd9b50d5a7fbfa10c021de0b704a80ef9cc4319395b4160b8000e5e3e30

SHA512
395050dd9aa9fae5ce6bb727ff3ade8cd3a29259d5eab8a60fa5b7ed2763b87edf0d5c8c8496535580fb12e3fadf6e96a131e7d0d36dcc266dc9ca2979d15ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
10c169c16d43d77da3ee7605015f3835

SHA1
6ed55da4b1ed989c22ccac394b83e0cad4040725

SHA256
80587e0a65fc60d94f993fec89740d2223c90c1096a6e9ed8e156ceb7f42337c

SHA512
9348fd3bef7f88bd5c2751ebd2cc3fdbf836e0533ede1875847e388bb3ca0bbc6d8f1b242314ea02092d879f4f0dee166b91e7af2cae736df1225fbf135fdb77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit