hxxps://trk[.]klclick3[.]com/ls/click?upn=6eP1FXbAZPHqfy-2BotnJOYEzxqTzmwou-2FbyzHTrp6au0S-2FO6fACCm688YJ86AjfrVBKkJxyZebZJe-2BIleAIORfK-2BwQbEtc1V2RcBgaDwwZAPG0AfELo2TOwR8WVfcinH8pv8RcJMcgSP5kax7LhilQSsDA9ynuA5BSEfwSo31dFzQ6QZ7FSEa1vnmodmauLKa56oU3L9sq3S0MpVzcKGGdh7SscaPLG0h7i9svyaPZGJcmpEIG0eDpzSbW6hf-2BNre8iPG_xF6veNvvDGeZ0Cj3ec7DA79M6rzMDnllpV0B-2FY2cgEuy1QY8kOxVbuoqrjHERwvjEMAPbxPH1Z-2F4aH9SUr6d7po4DblvoWczD2QX6rzt8XgN3qx36hwC5sh7Q8lR8sHMzi6-2F3gTrOyjF4H4jG1sAwjxhJNlkK-2BlpLT5s0Oo8YeASSd9a4MBDIEPgPHCTq-2F0dVA6wol5n8w6z-2BWDt2gY9qlZPxI-2FDP5VYsVBxXO9x7npxd431Iy18NcL2Yf14uZlmV3CJMMSKoZNUI7OR1rvshYo8PRYp5Mts7JLLO0wW-2FLzSsSC-2FEwpKS44DD-2BULwOj6juwSZkdjcBLHy1ZUXxViW7EYXxsw7u-2BHzUAkablNSUx-2FzdA0A8rgpLqgw7hHHSEa6tCPpqvp5edkEsCX2C9Aef1NmISm-2BEdYcIYY-2FH4MHUzcFCdCH-2FM16ugt8OoMX7flebL8A8h23s-2FZLht9UBcBQQ-3D-3D

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk.klclick3.com/ls/click?upn=6eP1FXbAZPHqfy-2BotnJOYEzxqTzmwou-2FbyzHTrp6au0S-2FO6fACCm688YJ86AjfrVBKkJxyZebZJe-2BIleAIORfK-2BwQbEtc1V2RcBgaDwwZAPG0AfELo2TOwR8WVfcinH8pv8RcJMcgSP5kax7LhilQSsDA9ynuA5BSEfwSo31dFzQ6QZ7FSEa1vnmodmauLKa56oU3L9sq3S0MpVzcKGGdh7SscaPLG0h7i9svyaPZGJcmpEIG0eDpzSbW6hf-2BNre8iPG_xF6veNvvDGeZ0Cj3ec7DA79M6rzMDnllpV0B-2FY2cgEuy1QY8kOxVbuoqrjHERwvjEMAPbxPH1Z-2F4aH9SUr6d7po4DblvoWczD2QX6rzt8XgN3qx36hwC5sh7Q8lR8sHMzi6-2F3gTrOyjF4H4jG1sAwjxhJNlkK-2BlpLT5s0Oo8YeASSd9a4MBDIEPgPHCTq-2F0dVA6wol5n8w6z-2BWDt2gY9qlZPxI-2FDP5VYsVBxXO9x7npxd431Iy18NcL2Yf14uZlmV3CJMMSKoZNUI7OR1rvshYo8PRYp5Mts7JLLO0wW-2FLzSsSC-2FEwpKS44DD-2BULwOj6juwSZkdjcBLHy1ZUXxViW7EYXxsw7u-2BHzUAkablNSUx-2FzdA0A8rgpLqgw7hHHSEa6tCPpqvp5edkEsCX2C9Aef1NmISm-2BEdYcIYY-2FH4MHUzcFCdCH-2FM16ugt8OoMX7flebL8A8h23s-2FZLht9UBcBQQ-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133416754390085427"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4504 chrome.exe
4504 chrome.exe
4504 chrome.exe
4504 chrome.exe
1776 chrome.exe
1776 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4504 chrome.exe
4504 chrome.exe
4504 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4504 wrote to memory of 1412	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1412	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 1732	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3932	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3932	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe
PID 4504 wrote to memory of 3856	4504	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.klclick3.com/ls/click?upn=6eP1FXbAZPHqfy-2BotnJOYEzxqTzmwou-2FbyzHTrp6au0S-2FO6fACCm688YJ86AjfrVBKkJxyZebZJe-2BIleAIORfK-2BwQbEtc1V2RcBgaDwwZAPG0AfELo2TOwR8WVfcinH8pv8RcJMcgSP5kax7LhilQSsDA9ynuA5BSEfwSo31dFzQ6QZ7FSEa1vnmodmauLKa56oU3L9sq3S0MpVzcKGGdh7SscaPLG0h7i9svyaPZGJcmpEIG0eDpzSbW6hf-2BNre8iPG_xF6veNvvDGeZ0Cj3ec7DA79M6rzMDnllpV0B-2FY2cgEuy1QY8kOxVbuoqrjHERwvjEMAPbxPH1Z-2F4aH9SUr6d7po4DblvoWczD2QX6rzt8XgN3qx36hwC5sh7Q8lR8sHMzi6-2F3gTrOyjF4H4jG1sAwjxhJNlkK-2BlpLT5s0Oo8YeASSd9a4MBDIEPgPHCTq-2F0dVA6wol5n8w6z-2BWDt2gY9qlZPxI-2FDP5VYsVBxXO9x7npxd431Iy18NcL2Yf14uZlmV3CJMMSKoZNUI7OR1rvshYo8PRYp5Mts7JLLO0wW-2FLzSsSC-2FEwpKS44DD-2BULwOj6juwSZkdjcBLHy1ZUXxViW7EYXxsw7u-2BHzUAkablNSUx-2FzdA0A8rgpLqgw7hHHSEa6tCPpqvp5edkEsCX2C9Aef1NmISm-2BEdYcIYY-2FH4MHUzcFCdCH-2FM16ugt8OoMX7flebL8A8h23s-2FZLht9UBcBQQ-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6d819758,0x7ffe6d819768,0x7ffe6d819778
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:2
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4968 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 --field-trial-handle=1916,i,7861834134326679221,16238803332235390841,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
3684bc84a288edd38413d62b183fc998

SHA1
0186536efdbe37fcb5e285e47ee85674ee09c9f9

SHA256
a8db943daac58b2b1d4f632b66cef9e365614e3537b8b5d1ae534ca1c78c9a63

SHA512
46db0e9589ae82658d236e74f19f9c83bb1c7f4964007e1c6403c66fbd0fcfca785e64acc295c2333ee387d9b2df2d0a78aff642bdb2ac4890e480d21504184e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
265e1fd551e031e55db20e01d762090e

SHA1
73aab5ff505596c951002f59b80cb3c32acf1e62

SHA256
e986f0e6a1de821bb08ba7498732f5bc1bd2f3ca39451e4ba7ef951ea820abd2

SHA512
cc3ce25f11be5327585358c17340fa14cd1f318c73d46f24779874532f6977bc56333fa51bd15e50dd47b8de8a633170b678eef46c08d10bf9c61841e6306dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
5c93d708ad9be7b58423611ce51d4b1b

SHA1
4fb57f62972bfd26e5104b4b940efe1eda0bd375

SHA256
9ee21e4671dce96922749200d88e2b1ecf8f23551f551cba603cb3b0e0727fd0

SHA512
ea414a9dd68216cb2ca03d3755185ad7a18eece955d39d64958c2edc2c8c55f6c4ed3b7d0b84b1580119601d4a1ae5cbf8cc443e98bcb6b0f8307f539803f704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5c88355678f0c8b8c2c70ce5aced2f5

SHA1
b2523175571cfc61df0d89908858fdba27cd0e4b

SHA256
1d4704506fd4ff3c329ad9f8bfbf0d85d93f4b10c8d486a191766bcc69c3d4fe

SHA512
cfce97c41b1cd106fc6e419ee0753af7412e643f9a5352323686311153d7fa7bf6b097916b0c564a6986526f8caddd5d32636e41b5e4f83bdf3b750a27257c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b68672cf0dc2f5909954a14af5689872

SHA1
534ff7c38a1882deb54790867d3ff53de1b0f86f

SHA256
cf4e57c033af73a6f037a76054b3c752fabb8766f366a4b9f1b99a07496e2b8d

SHA512
ee2fe454677a0eba69e2bc0eeef60de915709869d5cbd903c8a2e50e52106a26caa5260f2624611eebaa9febcee968c3053f131914e83c71284b62fd97d81a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
801abec153b6006e7b2db4bc14b32b94

SHA1
d22977ea400df9d1e7425ccd68be025993a00850

SHA256
5ec27dc92a4ab9d5cac995a49480df23b505c725c402b3b5ea134930da59b6cd

SHA512
a840279523fb6d2ba5a8c1fc7556128290b7e668cc7971f6ede59a61de469611f5966e4a237c4a032955843f431fedbe43dfb115db29d13fea0c5a1fb5945b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
73b8de87fc4259c676c6ff47b350fb3c

SHA1
66533b3e1af6f09b7c4cd38b9dc9ca90c1d9a7af

SHA256
488b12878829e78cc9d7b3e0a6c8a81f30fcbef505c1f545307aae98534313e5

SHA512
4ebf1a8b87209ea01fe528eb2554960c077c28c22fb49955502b0ecd555f1528a8bdf0fb7e6998fea6203fccb2b9aa491f8202f88fb74a76ddd51c46f1eca2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
a242e79c814722e7a2c29913aaeb1430

SHA1
6f451d6cf75d1b9033cc1bfb1f86a631b6cfe284

SHA256
3b744f13e389a47867970dea0bf1299169d53165be13440c7c06d3a7136d482e

SHA512
8ba439a587202ead570f6324e649e8e80ff8ebe9a007e53808af656ff3b9e3212f1b02503ef8cd1b04f1fb2a6b531df804e3d1640b582bf1293b3e3b98ccb3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4504_SAGKNYDGBKTMIXIC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit