hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fu1866417[.]ct[.]sendgrid[.]net%2fls%2fclick%3fupn%3diVC21geJR8NtI8Ms93f%2d2F7U%2d2BAIlJ%2d2Fn2yJvDniLNI6JQ9aRZbArZSiWknc5benSmE89kacUe67lQJAwdoIyX25COIvP6g2SCO72LSfr90xoHMxgoIP9BHreChGAWTYVLPPWRlSIQOPPmfjgGDzShbPlYevXCsEqFJqNdpLbIqBO0xmx1WiGHVp9jdku1Q33kB25az3%5fXnGYE40V5%2d2F2DZyAq%2d2FBp1%2d2FfQclLVh%2d2BiIzCnirsAB5RiKOPhhMAugjBjCzvf2cLE%2d2F7zckE%2d2FFxAVRzjCxJvRC35rk%2d2FV3j6JapjA8WywePqgQ6KBVWb%2d2BiQXvjkUIjGCC%2d2FHv3KMOzoh63R9NdkF%2d2BIDeLZ6YgO%2d2BBdTdhmg8ex%2d2Bh40wlJa4zFE%2d2B9in%2d2FLwS7pKmZyJg5SHamA2%2d2BXK4PyQgivQU9COKBTH3TGHfuEhhyv1C200wFntV8KydXeLFxXkCyQiwqFxI9hA3HRUi%2d2BFxZT3JkQFMa%2d2FO2Bvg9zFzKfaRHygsJWSRP7zeJXWPjUuOUXFnDfyVEuwBx24ToWDbdYDPK4D3QQ%2d3D%2d3D&umid=aa3e076e-365f-47d1-96df-4ea86a4ff6af&auth=663c9af02b28e622c0295e1568a206100d47dd90-0b8da9c372f23b157c95673c9c717165b270b077

Analysis

max time kernel
149s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
21/02/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fu1866417.ct.sendgrid.net%2fls%2fclick%3fupn%3diVC21geJR8NtI8Ms93f%2d2F7U%2d2BAIlJ%2d2Fn2yJvDniLNI6JQ9aRZbArZSiWknc5benSmE89kacUe67lQJAwdoIyX25COIvP6g2SCO72LSfr90xoHMxgoIP9BHreChGAWTYVLPPWRlSIQOPPmfjgGDzShbPlYevXCsEqFJqNdpLbIqBO0xmx1WiGHVp9jdku1Q33kB25az3%5fXnGYE40V5%2d2F2DZyAq%2d2FBp1%2d2FfQclLVh%2d2BiIzCnirsAB5RiKOPhhMAugjBjCzvf2cLE%2d2F7zckE%2d2FFxAVRzjCxJvRC35rk%2d2FV3j6JapjA8WywePqgQ6KBVWb%2d2BiQXvjkUIjGCC%2d2FHv3KMOzoh63R9NdkF%2d2BIDeLZ6YgO%2d2BBdTdhmg8ex%2d2Bh40wlJa4zFE%2d2B9in%2d2FLwS7pKmZyJg5SHamA2%2d2BXK4PyQgivQU9COKBTH3TGHfuEhhyv1C200wFntV8KydXeLFxXkCyQiwqFxI9hA3HRUi%2d2BFxZT3JkQFMa%2d2FO2Bvg9zFzKfaRHygsJWSRP7zeJXWPjUuOUXFnDfyVEuwBx24ToWDbdYDPK4D3QQ%2d3D%2d3D&umid=aa3e076e-365f-47d1-96df-4ea86a4ff6af&auth=663c9af02b28e622c0295e1568a206100d47dd90-0b8da9c372f23b157c95673c9c717165b270b077

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529847373607731"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 1528	4680	chrome.exe	18
PID 4680 wrote to memory of 1528	4680	chrome.exe	18
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 3328	4680	chrome.exe	79
PID 4680 wrote to memory of 5112	4680	chrome.exe	75
PID 4680 wrote to memory of 5112	4680	chrome.exe	75
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76
PID 4680 wrote to memory of 4304	4680	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fu1866417.ct.sendgrid.net%2fls%2fclick%3fupn%3diVC21geJR8NtI8Ms93f%2d2F7U%2d2BAIlJ%2d2Fn2yJvDniLNI6JQ9aRZbArZSiWknc5benSmE89kacUe67lQJAwdoIyX25COIvP6g2SCO72LSfr90xoHMxgoIP9BHreChGAWTYVLPPWRlSIQOPPmfjgGDzShbPlYevXCsEqFJqNdpLbIqBO0xmx1WiGHVp9jdku1Q33kB25az3%5fXnGYE40V5%2d2F2DZyAq%2d2FBp1%2d2FfQclLVh%2d2BiIzCnirsAB5RiKOPhhMAugjBjCzvf2cLE%2d2F7zckE%2d2FFxAVRzjCxJvRC35rk%2d2FV3j6JapjA8WywePqgQ6KBVWb%2d2BiQXvjkUIjGCC%2d2FHv3KMOzoh63R9NdkF%2d2BIDeLZ6YgO%2d2BBdTdhmg8ex%2d2Bh40wlJa4zFE%2d2B9in%2d2FLwS7pKmZyJg5SHamA2%2d2BXK4PyQgivQU9COKBTH3TGHfuEhhyv1C200wFntV8KydXeLFxXkCyQiwqFxI9hA3HRUi%2d2BFxZT3JkQFMa%2d2FO2Bvg9zFzKfaRHygsJWSRP7zeJXWPjUuOUXFnDfyVEuwBx24ToWDbdYDPK4D3QQ%2d3D%2d3D&umid=aa3e076e-365f-47d1-96df-4ea86a4ff6af&auth=663c9af02b28e622c0295e1568a206100d47dd90-0b8da9c372f23b157c95673c9c717165b270b077
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb35bd9758,0x7ffb35bd9768,0x7ffb35bd9778
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:2
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4756 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:1
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4908 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1848,i,12548513851480561500,16624462328738142169,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9c5c7d884b5c71c807232314e22b72e1

SHA1
cf7821f025351754419ad1872139dc5f6095d731

SHA256
859168821565c919e7e2d40b351abc25c8eba73fa97b6e861a3fb78f6eceee97

SHA512
f3b112371fda802a5f60382260261adddb899586c659a57abd6d4c65de8141fcabf6baf53f86effb0b85dc6e41400feebdf6ef7ff7fa33aa5f3bed845df31f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3a4fb027e77e1e63a0039a162353731e

SHA1
78d7bf25f6bb4979d21bc69d317cdd1d6b606c12

SHA256
a63d0c1a23614f9fbd8b950afa14a1c17d2df3f6e74b4a0bae2b98a4d0ad371c

SHA512
9ac1f075f63ce59aee103bf0a004ba91bc738565ba08ee27a080b3a5d50fe8f412ba3013cc8c645fdc3c6650e42042088e60789678e67c9489fb623242c09694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6dc75ab6d4b6a6285ccef9582543b8ab

SHA1
017aa291ab702597fbe3265d88c0f0e729d0345d

SHA256
ef4d107f609e81bfe6b94d278810da808fadf07f8830357b36e352973a12e5ee

SHA512
5960374d6aaeb969f4f4021e04ba44288fafff5df1b5d92918916a8c607a19273c36f7868de69bd62ac05a18c654aca7afcef35ab5ffd29645ff2b7114cb21cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6af044625fb1950a720f617106b631a5

SHA1
0c91342263f17640b496b732413da71d36e842c7

SHA256
6481eeff219f00aef2351b4c7c00104470db241f6b21555fb8a7733ffc56464e

SHA512
a445f3ee966365de70a25483da03450bbf0f3de2bb3edf66bfc184084faa51c8e6ba031f1b03db91c264e895dd7082afd59cf5262ae2ac295ca28912b1a9f285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2710e4062a7c954b64fe270d1b482027

SHA1
600b068ecbfd05f158c67c67e838d95aef401886

SHA256
5f4334c06c2d3a52cfbe631c50b1d6baff885cf145b7f749008df75e9935c214

SHA512
12cd9b6eea488080006538d6098f2929ada9df66da9c4e90afcfdff41e2e39f9558db1cc605c077b01970b89ba4e941083444a694cb8f1b61074da428674abf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cda035d8c9ce3b578ad56a44be16d037

SHA1
d7295d5a75b913f1c54ba2a8c4e44a45ef9aca92

SHA256
a3cc6a45283ee2e3efa7e233588a63cea58cd4da2942ca74f2138e8d9538e942

SHA512
d1eac68700c534df5d6229633d6f3171b2049ff1d4fb1b73062d5c095ca99deec01a90c21467a10eecf673c7f4087882c8f48264d89d08d086acdad7afbd8e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
c7b192ae337b7afc6eaa6378c98950b6

SHA1
d9fcb1916803b8ce33a41abc14a79385578c237a

SHA256
61bef3e23a86ab50173b085bad704058ec5769410c7839c162a9edb14466d378

SHA512
5b3a29b3b260e879ee17577f4925e810e7720f66eddc46b9e760fd083af0a512ccec36dd2467853d3d56eaf4d8881a8f7b2bfe1ef499a2603ce45c41d57eb352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
05023ccaf943e15a585ff5e790004ee6

SHA1
a8620426ec2a85eb99fce29f5d350f3cd3354edd

SHA256
add35996ccc3254853bb8c120034ae3083b2b9eb35643ddb11a5bd7b8175c840

SHA512
63c945239bd1c38f541c6d630a06408a81f6c42db040f72bca91f6dc0c82bbc617dc7b40bdf32cc7cb2355a73ef67d801a254e83f3ff3550d7a795fee09c8d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
9d2e3e9725ebb01bcb1fb6800be47f55

SHA1
ce58e9bdd23cec3d48d198d078e9e2262f4a1be9

SHA256
6dd5ead33c594ebd4a24121392ee7bcc5fe8793759e13f6c92ccea0079f0507e

SHA512
6dc71e25926365bc0539d39439d074b831caff8ddf7654a9078582f9a16a69c1a9698b950447f07914fa0b9981c053738253080de589c3cbe097ff076a217b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
31fa29dd9369bd463ab371b89e7efbfe

SHA1
14f5e5b320086b230142d33417b36268c7ebe06f

SHA256
db74ba0d70bfe9e42c5e059983599af09d1b90591d774d2cc7aabcb4da442623

SHA512
de5bd3e406738808d0e09676dd4eb315f6b2ee6732d697997f65797310c9784fbf7e4ce90980b5dcf66efa95312e084d08ba41ca997b1f636ce96f309fd2bdc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit