hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fablink[.]transactions[.]earnin[.]com%2funi%2fls%2fclick%3fupn%3d%2d2FvrMd10WTQxvAe7Ipq1Kaetm6Ca8zIpS6iYYK2n46Aa6UKt6JlXKZ8DyWFQbQekVzAUigvFwTx6GtIwHwbwF%2d2BA%2d3D%2d3D%5fWMX%5fststm7kZtXFFZcxwmkbsLQZuIM5cuaCBybLUfcg0prjXTrXmo3DmV%2d2F2lEePN2oZaQthdHPburxSKOXO6AUg5Njz24%2d2B5RkmfPOZzS9pq8RcqAGuxbhN21LNmjHpVrPLgXiavoYBZ4qIhfMP4me54g0EWAL7%2d2FE%2d2BsyJFtKfNYsM2cIBkHTsAsuNZVIycxjdy4tH9mMEPrkrdpR2%2d2FRIi%2d2FpBhWjPrEMSH7mMrp1KdvQAY85B0ewflHB9G3qv3pQHt6FpGA2y4OUBrOjqPTOxKgs8OsTy4KHlihoT3etHUVWdqxiYsXl3XRb9vXrHoERua2vwLApYXo5U91dpnvt6SD8m%2d2FpSTu%2d2BDdTB2ra2%2d2FXJOaoQOGyyg%2d2FhiIzBsAXzeq4hl%2d2BbPTB1pMA3tVssbiQ4%2d2Fub0EdEHvsr%2d2BVb%2d2BkvQ3V85dsjj6FSbgUz3l2hIxeZd9x5JvjrWXETBdUZC%2d2F3euM05%2d2Bn4kfvjqqydnLTWIjW2mL5VIq%2d2F1upBhNzV8J4jf7D0YDLdI0JNBIdJACIJBXDRNnF9mzvheh3mqlnVI0cLZcqs%2d2FVbRrUxEmbXk%2d2BDZtdWULdaZLudvBlUudgj%2d2BTl8fiXfXbbkk3sD8WNEzNjpKMLmDfpcfeYCzLY9TQ0yAkyMnIzUW5Ir9OoVOEW1m9gsfVRz238Gar%2d2FlPmGazz%2d2Bp9ivesSbyIjs8%2d3D&umid=a85310a5-cbd5-4ce1-9336-8eb7cb5caa8b&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-04632eb7a2f6cf87e2d6286b46f8beb0d376a173

Analysis

max time kernel
149s
max time network
146s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2023, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fablink.transactions.earnin.com%2funi%2fls%2fclick%3fupn%3d%2d2FvrMd10WTQxvAe7Ipq1Kaetm6Ca8zIpS6iYYK2n46Aa6UKt6JlXKZ8DyWFQbQekVzAUigvFwTx6GtIwHwbwF%2d2BA%2d3D%2d3D%5fWMX%5fststm7kZtXFFZcxwmkbsLQZuIM5cuaCBybLUfcg0prjXTrXmo3DmV%2d2F2lEePN2oZaQthdHPburxSKOXO6AUg5Njz24%2d2B5RkmfPOZzS9pq8RcqAGuxbhN21LNmjHpVrPLgXiavoYBZ4qIhfMP4me54g0EWAL7%2d2FE%2d2BsyJFtKfNYsM2cIBkHTsAsuNZVIycxjdy4tH9mMEPrkrdpR2%2d2FRIi%2d2FpBhWjPrEMSH7mMrp1KdvQAY85B0ewflHB9G3qv3pQHt6FpGA2y4OUBrOjqPTOxKgs8OsTy4KHlihoT3etHUVWdqxiYsXl3XRb9vXrHoERua2vwLApYXo5U91dpnvt6SD8m%2d2FpSTu%2d2BDdTB2ra2%2d2FXJOaoQOGyyg%2d2FhiIzBsAXzeq4hl%2d2BbPTB1pMA3tVssbiQ4%2d2Fub0EdEHvsr%2d2BVb%2d2BkvQ3V85dsjj6FSbgUz3l2hIxeZd9x5JvjrWXETBdUZC%2d2F3euM05%2d2Bn4kfvjqqydnLTWIjW2mL5VIq%2d2F1upBhNzV8J4jf7D0YDLdI0JNBIdJACIJBXDRNnF9mzvheh3mqlnVI0cLZcqs%2d2FVbRrUxEmbXk%2d2BDZtdWULdaZLudvBlUudgj%2d2BTl8fiXfXbbkk3sD8WNEzNjpKMLmDfpcfeYCzLY9TQ0yAkyMnIzUW5Ir9OoVOEW1m9gsfVRz238Gar%2d2FlPmGazz%2d2Bp9ivesSbyIjs8%2d3D&umid=a85310a5-cbd5-4ce1-9336-8eb7cb5caa8b&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-04632eb7a2f6cf87e2d6286b46f8beb0d376a173

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337281845371901"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 3436	2020	chrome.exe	46
PID 2020 wrote to memory of 3436	2020	chrome.exe	46
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 880	2020	chrome.exe	73
PID 2020 wrote to memory of 2652	2020	chrome.exe	72
PID 2020 wrote to memory of 2652	2020	chrome.exe	72
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74
PID 2020 wrote to memory of 2536	2020	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fablink.transactions.earnin.com%2funi%2fls%2fclick%3fupn%3d%2d2FvrMd10WTQxvAe7Ipq1Kaetm6Ca8zIpS6iYYK2n46Aa6UKt6JlXKZ8DyWFQbQekVzAUigvFwTx6GtIwHwbwF%2d2BA%2d3D%2d3D%5fWMX%5fststm7kZtXFFZcxwmkbsLQZuIM5cuaCBybLUfcg0prjXTrXmo3DmV%2d2F2lEePN2oZaQthdHPburxSKOXO6AUg5Njz24%2d2B5RkmfPOZzS9pq8RcqAGuxbhN21LNmjHpVrPLgXiavoYBZ4qIhfMP4me54g0EWAL7%2d2FE%2d2BsyJFtKfNYsM2cIBkHTsAsuNZVIycxjdy4tH9mMEPrkrdpR2%2d2FRIi%2d2FpBhWjPrEMSH7mMrp1KdvQAY85B0ewflHB9G3qv3pQHt6FpGA2y4OUBrOjqPTOxKgs8OsTy4KHlihoT3etHUVWdqxiYsXl3XRb9vXrHoERua2vwLApYXo5U91dpnvt6SD8m%2d2FpSTu%2d2BDdTB2ra2%2d2FXJOaoQOGyyg%2d2FhiIzBsAXzeq4hl%2d2BbPTB1pMA3tVssbiQ4%2d2Fub0EdEHvsr%2d2BVb%2d2BkvQ3V85dsjj6FSbgUz3l2hIxeZd9x5JvjrWXETBdUZC%2d2F3euM05%2d2Bn4kfvjqqydnLTWIjW2mL5VIq%2d2F1upBhNzV8J4jf7D0YDLdI0JNBIdJACIJBXDRNnF9mzvheh3mqlnVI0cLZcqs%2d2FVbRrUxEmbXk%2d2BDZtdWULdaZLudvBlUudgj%2d2BTl8fiXfXbbkk3sD8WNEzNjpKMLmDfpcfeYCzLY9TQ0yAkyMnIzUW5Ir9OoVOEW1m9gsfVRz238Gar%2d2FlPmGazz%2d2Bp9ivesSbyIjs8%2d3D&umid=a85310a5-cbd5-4ce1-9336-8eb7cb5caa8b&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-04632eb7a2f6cf87e2d6286b46f8beb0d376a173
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe469758,0x7ffffe469768,0x7ffffe469778
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:2
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 --field-trial-handle=1800,i,17646766693645289677,13812884725677249496,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8208cf50738e2bcbb7397abc0dfa4e46

SHA1
f216f2dfa3d0a537e79c45bc6a1b3cab51228c95

SHA256
42983f57793a18ffe162edcc066e3aaed3817045a9402e07170cdff5ba344721

SHA512
2897730299eefcf3232a00d18ec44ee237403ebca694f4cef4a8fcaac1f2d2b9dd65cbaa7f1cf6cc1344a3143d83ec6deeec217818f87032393e1b61336dc46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
68bf28b0e9dc3b99ebaecc6bdeab8c2f

SHA1
bd367fd8a1d960a68267e3a1a4af7ede9607904c

SHA256
6c212c710b58bf7ddfbd4d64e15a014a9f4305f2ae8fe8f2e2c438c4b27a6656

SHA512
35100aed6c279e033e39e38b6385239dd96f79a448488b5943ef959dd42c51478b003b02ce989c259f7c53a34c1f3f75d69f3d4d6290ff8d651111ede44337b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b364d40020afc92e8c5ef869db490eb

SHA1
6bf9cd2460709803f878a0500624fb8e8588ae21

SHA256
a2f8c3d54c3240727898643d974c212e852b695852b401dc2be4fb9374cfb9a9

SHA512
a27ae3f7d4ca086a6f6a8c981c9e95f85199aa68e2033d59012b28292114671f4ea212b7011c39e8961fc037cd74b8662f7d81afe4e825ef23231ff2cadb2ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93ee73e14b1e648cff944ad24d5d3d92

SHA1
12e3bf2a4ef0b0cb6e06158fc4ed5d74fe0afc96

SHA256
a0414ebb89047272d70c247d7eb52f3fb1bc42019dfc172b4c91d39c031ca700

SHA512
b62d92193b02def731e819c6ec7227181fe8139473af8a949b197f746f6af9df28f7f0265cf6a09f911ea5c271d2661af8e241c78709ff439f56ca9ba036a5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
11d4a6db4052690c4cbb987402bd8cd0

SHA1
1e3a949bce106df5c452a45cc9f0d62d5beaf712

SHA256
aaf80877f5f76f22e1475038236ec84ccd58c36b4ec053112b6db29d67368766

SHA512
41643f35bb2baf848534cf2aeed0eefaa59b97c2b06f97d2169afd4a9b82f78c4a1127be0dd0583360e031e9ad24836edda45503739060aa41f865f2f70f3a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4c27a1c4d79f61dce54e777c55560258

SHA1
a1ad8786fa98f800e295e2031e4d5b113101d2ad

SHA256
189732a71007755760897fd8ef76a286dc011000474a5a776b8fead6cf29f3f9

SHA512
32c6fe8f55459ac56267833754e1eac30dc10ec0ab17bd5a684cf1f826aa41783491203bc69f6fbdcdeb881be301d5bfb4d5ec22e78b1d81851611ee50f0b813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
e2e6b524d47ca7276f1940919884a51d

SHA1
6979280aa293f02b23ff155c9ca4c39c0d498832

SHA256
718bb159565917ae1a0475a4d2c97d7f4f5cc18b34768fffaa399cbfda3c3a2e

SHA512
175cd57a1d82d0ed9d3c1a77c55dadde5b77f2c7b38ca630190301211c3412fd7fae9f18d218f6d4367bb73ce61b804f74e50604f2bf62f1de27804c5245c499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
358962467a8ab2a03e89e7b6b9e6c588

SHA1
9fc5e1aa22d0beb09b28596a96dd784a664f9ce5

SHA256
290d93c6a12540642a58e47934457d00c9948a95258b5bf3c0cfb65f70fbc7bc

SHA512
f96edb20eb2543641480c024bc29d85b487c958a05332d8ecf9a25c3928303a3e0d8bce740a8daf8f45095fe2cfac8ffdc35e02ce17c5ef7023b212f3cfcc9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit