hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2flnks[.]gd%2fl%2feyJhbGciOiJIUzI1NiJ9[.]eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmhlYWx0aGNhcmUuZ292L2xvZ2luP3V0bV9jYW1wYWlnbj0yMDIzMTEyMGNocHNzczFjY3BsbnJzZG04JnV0bV9jb250ZW50PWVuZ2xpc2gmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5IiwiYnVsbGV0aW5faWQiOiIyMDIzMTEyMC44NTkwNDUxMSJ9[.]2JyM3ammbRJKvriUN1HdvOvxHWJ0E0FhQKaSCYvG3lo%2fs%2f3061198255%2fbr%2f231213915628%2dl&umid=252c9bed-434a-4990-8f9a-08e7f4764877&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-99499ce62e3ac215b40d46af3ae09362f36fb8d9

Analysis

max time kernel
161s
max time network
159s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
22/11/2023, 10:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2flnks.gd%2fl%2feyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmhlYWx0aGNhcmUuZ292L2xvZ2luP3V0bV9jYW1wYWlnbj0yMDIzMTEyMGNocHNzczFjY3BsbnJzZG04JnV0bV9jb250ZW50PWVuZ2xpc2gmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5IiwiYnVsbGV0aW5faWQiOiIyMDIzMTEyMC44NTkwNDUxMSJ9.2JyM3ammbRJKvriUN1HdvOvxHWJ0E0FhQKaSCYvG3lo%2fs%2f3061198255%2fbr%2f231213915628%2dl&umid=252c9bed-434a-4990-8f9a-08e7f4764877&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-99499ce62e3ac215b40d46af3ae09362f36fb8d9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451215046059103"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2548	2164	chrome.exe	71
PID 2164 wrote to memory of 2548	2164	chrome.exe	71
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 2868	2164	chrome.exe	74
PID 2164 wrote to memory of 820	2164	chrome.exe	73
PID 2164 wrote to memory of 820	2164	chrome.exe	73
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75
PID 2164 wrote to memory of 772	2164	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2flnks.gd%2fl%2feyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmhlYWx0aGNhcmUuZ292L2xvZ2luP3V0bV9jYW1wYWlnbj0yMDIzMTEyMGNocHNzczFjY3BsbnJzZG04JnV0bV9jb250ZW50PWVuZ2xpc2gmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPWdvdmRlbGl2ZXJ5IiwiYnVsbGV0aW5faWQiOiIyMDIzMTEyMC44NTkwNDUxMSJ9.2JyM3ammbRJKvriUN1HdvOvxHWJ0E0FhQKaSCYvG3lo%2fs%2f3061198255%2fbr%2f231213915628%2dl&umid=252c9bed-434a-4990-8f9a-08e7f4764877&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-99499ce62e3ac215b40d46af3ae09362f36fb8d9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc49f59758,0x7ffc49f59768,0x7ffc49f59778
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=232 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5024 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5016 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5116 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5388 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5552 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5700 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5832 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6024 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6156 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6424 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6596 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6708 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6368 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3052 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6840 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1804,i,8764155329759606106,13043374805351710613,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
97d9088e8743ff4dab086d7407175fb0

SHA1
9df251521d5acb9e5aa6b6b341f4d5c67431ba7d

SHA256
e3d960047b3d16a6b165bc8c0c513288b3f02485bf73eb8ca1e937549f3dc8c8

SHA512
8988dab0fb16c6d1c621f07fed68f63e3d0d09e9ff8d636d3a23eeb45f89013c9d4ef976700f742a0920ba5c94e2a1826401155f65fef90bc9b0f8594e8e08dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bb817b5657ec5e6007cd742f5769bb1a

SHA1
3393f7e29a1a26879ebd8670915b84ff5740eaeb

SHA256
4ec0f7d5d63e57c7592c2ad9516e7fa3fb5dbc706b94bf9077065408374646cf

SHA512
858f29fa01a73e0b046733333d2ff5ef33fa0572959f0ea0043f985bd23c35027628cbe6a45efac53222797e9403e2b6d595ec9051627b98e46021cf28d4f6b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
dc4a800fed59433d26aacf0600c900f2

SHA1
1127235a190e4bfab157544eefb1f8789d3c2ba9

SHA256
060d7834a65dcf48cc18647821dfb3a8ac82d99bc638c7becb861d9a922e0ede

SHA512
828d3dc4625b569eda8dffc260ea673eac4dacbfaf7cfd96a9cc70512167cbfc82e46dde87940e50c7e48c47efa083e0b7172ce0a5cb76da2b8c1ac2a63cec6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
19a3cce94a847ff971ff55c21a8ed916

SHA1
02c84ce6e2a353234f49d1268190d5c9c3a1820f

SHA256
06df691ab861fabf1aefe530258659084113c1b91adae83d63f92573a219a09f

SHA512
f4cc1f5b7685135c68a1fac6a794539a9e5b877cc3a4fa3aac86aa61cfb2c4dcb6a8664d3b6d562311f0cef39801391d52616a6be55bbd2620466b9358218fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
01ebf211430aa0e9f47d1a41c642cb36

SHA1
1452dff757bd954226945071ceb8c739d4bdceac

SHA256
022fe619cb81767a152b33e0de48e183afa25a991d08e5bbc95930b1a54e537c

SHA512
187ee5e2bb1199f3fa02cf3495f742d56af997c05033b61528c95c6cfb278ab6c8232eed4c164dc8839cd10ca1dd124944bb9906a29554dbe7b2be86ab145ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f00bd7eb2e1eb4287780b577ad6cc64e

SHA1
2e77591d988cca0c15647a61bb2d1f3341be8db3

SHA256
0f57a628c0f17fe2e5efb0aaf8fb4245578f815495d7be9c5c7e6091eb4a6a2b

SHA512
ad6f558022f453806caafc3109ae611e6a5cc6206ab10c6e8b8f062ee814c3dfb817b230285283c33ef9ca9cd4d824ae38de29203453d74b0e3e424cc2e53dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4ec7da39b3a76461a747631296e6f330

SHA1
fbaf41ed24fe2b623da80045168114e5025c2d9e

SHA256
f79bd3c77576c316972c15cb7185d6a577a742cbbce699a6f501d7b0e1618691

SHA512
773801129b21613244b2678e5282311cba401520b3e4098e9c063ae6b73fdbb3b37bbb7330b934d0a5418fefef887f2da00dff01984efb861ebf2e58a143f6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0f179ae4b48dd017673ef0e31020cd39

SHA1
9840f852874023f2c529bb56d0ec0dfcfbc50dc2

SHA256
f894fca29908b91791bba73a1012b0a9a4f793d69c16b10ee2e1473b5573c80f

SHA512
974b710b3076f44972ab3d55b24b480d52afe1035b1eb5d1b33da2381ab2e1cac862dbe297ae053bc234a8adb8c1b7505ab6e277aa9324b94063c43fe160f046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f1513b5369614aeef983f58597a42cd0

SHA1
35f6ba48ea81b961063dad8aaf864f77d9f93f63

SHA256
359f69d93287d6406c4ec7bc4f75bc5a607cafe2c493c73f84b6fc70db9ce670

SHA512
4593b5a6106c60c576dcfbb91dd048ff7d8e4f3ec7a6780cb9cb2ad28bea7b3fa919564bb8cf2fa91d95a4c5efd37094c9c8c33a2ea0fb66c44588246132e1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
688dd4d2e69a17cb7d7105e4bfffb00e

SHA1
a31e7ed3c83d1bdad69a243cce9275e3d6ef8a98

SHA256
887e1dcb629e467de7a4009a1db8cf7d054c11ca5b4002c216c1c320e1734049

SHA512
4187638e653e5208a7a2cb9e72508ee4386a02cc01ac7b8fc16076e0ad94bf25e307e08f1a019f215dc0aefab9aa694ee6ca0d49b4a1315986171a497bbf77b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8893e118d213203386c73b6fe4b71414

SHA1
d0099da5c4a5b4a77fe4c664918c2bb24af7c8a4

SHA256
c9b5b5ff557fbd1598ccbd025deab88c34d9c1cb42ace240edf2e344d27f8ef2

SHA512
b46342b8830e7a9bbff41f0a88b435e277873d37134358d79c1a8044f7a2af278f0b029fd8fe6fdb3d6642fd69954c26fccfe0c98b2cce46e6187ffffdf4825d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a931825ad028d854df8b47c67774808f

SHA1
e94bc86a87426cd92d64c6af66710a27677ee46b

SHA256
aaadfae251df3dc8678e4591fdd66ce7e2e63fb62856c5e7dd1d07fdf9656a48

SHA512
36f35e8a3ab5bd45ed408b87e6e15bd845afca695a82dc094bf1896cf844811bebddcc428884fc566ff8184cfac9aff02e9d33a978a8795368adaa0529cdb647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f8c89a35f6e49c893d112b83eab8e71a

SHA1
9ef6fc7080d9150473af0db38561e84e69acbed1

SHA256
d3718a3560ec72fcd636a1afc42687356b1be53384b25266d524141c3e5b8c5c

SHA512
9ee06cc96813a506f92e4cb0c15bef5239915f8848dfadc8ca2d979f8fe9520fe812fb682bb77a0e1c154fc1b3d2a84e0e08262d3c8fa006df9c23e40b2992c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
17e688d35bf13d852d1fb642b5296f7b

SHA1
8783a313bd07c190a270b9ead39243fa988bdbc7

SHA256
f97430309e4bdbe221c781693369ea909d6a5ec40734a6ceeccf3e92d554a786

SHA512
d035f41c3761472439ca4285f7ce87e01d0fdb96d3b418800be3ef92c1fa48acdce2eaaf543f09b52c2414527a449996a42976aad15c785025284bf5eab74a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe95c04971ff1c00ef53ba61d6842a35

SHA1
62e85f544c1a68bb15545196b7ea4c40af3f5ad0

SHA256
6f47a075535ecf90fd003f38acba6db6a0d4ab14076460220799026114f1d071

SHA512
92711d3251b84dfc30c1dabfc70935aaf6cf227a43b3c01212380ea5d109a909957b972b5b0a8b1630388fcabe6516a69968e4cc6a08aac24b9a98287c3d3174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ded1b448595dced7bbf94eaf9661e22d

SHA1
031c99b630a56f0f4ed421f7ee20b12525a006f2

SHA256
cb3eab40ccca4651e484f1606f170a3884369c0c3f2cecdb8b1a892b48cce631

SHA512
3881955254897b466474f6903d5e655b58f513258b7bc1d58b9a15f571b8804df306123f8397e2a00687fe00c316b50a02278fc7b2a802b3a7c91c7100873c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f87094012abc0a468fcdf42d86b51f36

SHA1
b41a0cf3c46805957f89548665eda416d7668f08

SHA256
81ab6c8c0fa188389925797003bb204a6871adaacab11fc23b55012747a859e1

SHA512
19d70a18db9f35c9b2bcb25f8bb0bfaf75f07c9c0845d7b01b31eb101e3901aecdc22d3562a335ab791da206693506962f2642eb36af2983edded0a71c05cd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0f6f5db3d730e02401cbfd0e00bf179

SHA1
05de2abecbe56e61f958959ee27932f74b2c1826

SHA256
33423cf1aa83bc1d140abe7027d5786ad31e8c3037b30014093c4ed1a79fc029

SHA512
6809d029748694848c893b827397cdfd60858395a090c53e9f73e3cf32dbe3b6b35bc5d6fddcdd5b0ede239ea2a606726182dff335c80aecb9e5c897b680e248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe585196.TMP

Filesize
120B

MD5
4a42c0a011d8ce405ca97ddee6aeea3a

SHA1
ec569d33cfee861905d1243e3308d4e99d58e524

SHA256
1a8615b20ccb249bb8a99c29cd3adb790567f08563e47d84995627f67cedb2f5

SHA512
3763bed5a1e36657ed51359c3f1eb0d12d6f7b763191c6999efde17318cf821bb840d75b8dda39238c05051de3f7d04631967826baf7cbf299f580bc4eefcff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
326bae36944854597ad1870f54f59a8f

SHA1
14f5580b9dedda140e9663e8e0c934dd292aac7b

SHA256
13d09082a0a5f77509cc5f540121f576c0cfbb3cc3aec5f522c50218a99ec166

SHA512
fc674d512fa6bd70707cc3355a6b21568e8fdbaac520813cbaf3632630bb4d72b8b2b128c90e3d6f0bb5294721a06d331ec1983cda34f5d092839062b2a010f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
111KB

MD5
1b88a4a8707cb3f7c3b4032ec7cf2937

SHA1
fafb1e93f3f55a5b9b53e214e2904c7a5f432307

SHA256
5ed9138a4dd38de4b9cab1839b6ab6767034043a95fd397bd4078a4ed55140ab

SHA512
a587de1c080e12d192a91a7b9ff9c9ed39b71eb762a548b318a0c4261c7cf503285c45c58adaeaedad1988ee8f62b8b6c8525c85183c9b0506b38542a606874f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
111KB

MD5
761095d9ba2ff241576738bd20b335a9

SHA1
50491842df530706cfbc724a8d0d17382eb40993

SHA256
0e28d5caef83d68da3aeff0646bff771b19169d57dbd58cb2eec69bc82d85f53

SHA512
6fc6e683a2a23620f5e71e727a6add2fd72072f6b4d32bebbcd19446f73cde87d16e31a0b2a54357a047de97ae103fc0217200b3fdf0df0b8ba7c7be2286d3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
eddf3c1fc5d442750e685ff28ee98a97

SHA1
06566967cfe47fd87875276249dff7633a112733

SHA256
098bb0f13feb707f4644e8d445cf03ba801f9581623cadd8bc389d53885cfc32

SHA512
974c1e6bcc183e95db58562281af0a5d06615345af989f330460c82758ac3c23b4cd73704e465ab4d51511ebfc9f938d4b802cb422df6dc12bd7a6196f6b5d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
70b5e0dfdd21af67d37b046a39bb9bac

SHA1
91de007628edca640e4f690960873ae436410447

SHA256
febdf8fac71f6b8a71c0a7470a42103a7dc013e29904d5b17fe638376206e2a3

SHA512
ce3e0b6f125660715fb4cc0d4d539e97a82396c457940878bba8592f4aaa80b355611fc8a06ac043904a179a5430f4129c48b15318debffad327a896f3784187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
ef1be506d5cbe0bae62265e911066ffe

SHA1
4523ce1c2a160ab9dced90d80e522fe67191af12

SHA256
b43f41d88934ef8cf627da8d6a4c23d6eb587e9b0ee75b43a7ea9305738b9b30

SHA512
a4b9b56793e73049cdd7afb167eef39fa590fa24b0a7ef0d0ae68d819c761d51bebb025f599280a968a71a1289f0fab1ab94b8871e2a2c117b01ab29689a1afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit