hxxp://trackerc[.]osend[.]in/EmailClickTracker?query=ZXNtZX58KjcwNzYyODAwMDAwMDkyfF58Y2FtcGFpZ25-fCp8XnxjYW1wYWlnbklkfnwqfF58bUlkfnwqNDU4MDE2MjMwNjM0MDI5NzIwMHxefHRvfnwqZy5qdW5haWRAd2F0YW5peWEuY29tLnNhfF58ZnJvbX58Km5vcmVwbHlAZXhhbS5udGFvbmxpbmUuaW58XnxyZXBseVRvfnwqbm9yZXBseUBleGFtLm50YW9ubGluZS5pbnxefHNlbnRBdH58KjIwMjQtMDQtMTZ8MjM6MDY6MzR8Xnx0YWdzfnwqbnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbHxefGZpbGVJZH58KnxefGZpbGVOYW1lfnwqfF58dGVtcGxhdGVJZH58KnxefGNyZWZ-fCp8Xnx2ZXJzaW9ufnwqVkVSU0lPTl8xfF58YWN0aW9uVHlwZX58KmNsaWNrfF58YWNvZGV-fCpOdGFlbWFpbHRyYTF8XnxwY29kZX58KlNhblRyYXxefGFpZH58KjcwNzYyODAwMDAwMDkyfF58cGlkfnwqNzA3NjI4MDAwMDAwMDB8XnxvcmlnfnwqaHR0cHM6Ly93d3cucHJlbWl1bWJhaGlzMjgwLmNvbS90YXd1bi8

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 08:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://trackerc.osend.in/EmailClickTracker?query=ZXNtZX58KjcwNzYyODAwMDAwMDkyfF58Y2FtcGFpZ25-fCp8XnxjYW1wYWlnbklkfnwqfF58bUlkfnwqNDU4MDE2MjMwNjM0MDI5NzIwMHxefHRvfnwqZy5qdW5haWRAd2F0YW5peWEuY29tLnNhfF58ZnJvbX58Km5vcmVwbHlAZXhhbS5udGFvbmxpbmUuaW58XnxyZXBseVRvfnwqbm9yZXBseUBleGFtLm50YW9ubGluZS5pbnxefHNlbnRBdH58KjIwMjQtMDQtMTZ8MjM6MDY6MzR8Xnx0YWdzfnwqbnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbHxefGZpbGVJZH58KnxefGZpbGVOYW1lfnwqfF58dGVtcGxhdGVJZH58KnxefGNyZWZ-fCp8Xnx2ZXJzaW9ufnwqVkVSU0lPTl8xfF58YWN0aW9uVHlwZX58KmNsaWNrfF58YWNvZGV-fCpOdGFlbWFpbHRyYTF8XnxwY29kZX58KlNhblRyYXxefGFpZH58KjcwNzYyODAwMDAwMDkyfF58cGlkfnwqNzA3NjI4MDAwMDAwMDB8XnxvcmlnfnwqaHR0cHM6Ly93d3cucHJlbWl1bWJhaGlzMjgwLmNvbS90YXd1bi8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578145677323987"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 2064	212	chrome.exe	84
PID 212 wrote to memory of 2064	212	chrome.exe	84
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 1792	212	chrome.exe	85
PID 212 wrote to memory of 3532	212	chrome.exe	86
PID 212 wrote to memory of 3532	212	chrome.exe	86
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87
PID 212 wrote to memory of 5048	212	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://trackerc.osend.in/EmailClickTracker?query=ZXNtZX58KjcwNzYyODAwMDAwMDkyfF58Y2FtcGFpZ25-fCp8XnxjYW1wYWlnbklkfnwqfF58bUlkfnwqNDU4MDE2MjMwNjM0MDI5NzIwMHxefHRvfnwqZy5qdW5haWRAd2F0YW5peWEuY29tLnNhfF58ZnJvbX58Km5vcmVwbHlAZXhhbS5udGFvbmxpbmUuaW58XnxyZXBseVRvfnwqbm9yZXBseUBleGFtLm50YW9ubGluZS5pbnxefHNlbnRBdH58KjIwMjQtMDQtMTZ8MjM6MDY6MzR8Xnx0YWdzfnwqbnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbHxefGZpbGVJZH58KnxefGZpbGVOYW1lfnwqfF58dGVtcGxhdGVJZH58KnxefGNyZWZ-fCp8Xnx2ZXJzaW9ufnwqVkVSU0lPTl8xfF58YWN0aW9uVHlwZX58KmNsaWNrfF58YWNvZGV-fCpOdGFlbWFpbHRyYTF8XnxwY29kZX58KlNhblRyYXxefGFpZH58KjcwNzYyODAwMDAwMDkyfF58cGlkfnwqNzA3NjI4MDAwMDAwMDB8XnxvcmlnfnwqaHR0cHM6Ly93d3cucHJlbWl1bWJhaGlzMjgwLmNvbS90YXd1bi8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafee6ab58,0x7ffafee6ab68,0x7ffafee6ab78
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:2
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4232 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1616 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4504 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4768 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4752 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5084 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4056 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 --field-trial-handle=1872,i,7176784838130709475,11927533398513550595,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
61cf761fa797593accd612b5f7003341

SHA1
d50309f1779dbbed9f70fdcc2c18ce1f584f6de5

SHA256
3d9d226ea4d1bf289d7831c21e75bdcdfc822a90437adf3257e2093e1ffb06ba

SHA512
82785bb62dc5500b4df4ba976550e042eb7c591f4b68de7b84c22dac1f8e26ed658a0dee26f8af2adb7454a5e9049bd1d1a1adbe2363101ae6a3532eceb73105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a4122b9da1540b5074d791f0b966ae86

SHA1
88eeffae8bd7c8a7bfd79d87401c0f066befdae7

SHA256
c0b6a913a15da8a6b942ecd8fde93b14f6c1b78485cb4d0dc92c87ba0c81da49

SHA512
732ed2b71bc5134d40f5b598bb9aa4960783dc6cf2846c7a9a2e594bb8c976379aac17abab4802baecf39bf203722492d6d840cc647db1f5ac4479d14e7ce2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
509B

MD5
585e958274f09d1c1ff0388610df1297

SHA1
b6d66773193b8317395c260efe94fe545825bf3b

SHA256
18e121468c333bed507e64674147aebbe45c1f932bf88b30fb1adb1d674dfdf7

SHA512
a6a516b2897761188831807767cdea3702b0d526bf7422f424ca0c7c64082a970ee17bafa8e2346a75a226528551935e8c411f6d883645882e6e44cfd7e51a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
833B

MD5
b19b253514997e06cd22c414dde0a8f6

SHA1
496f39b20779138243ade0c9a5f42754d30bdb3f

SHA256
f0b07b0b49ee472ca72166b83764e28bf143a34d5515f04ad4e5bd9b544fdacb

SHA512
385ca53fb97038c67fa14140db5fa4139447973a1244b947b68c12402fa61c7113e7719ffa9155f7c8929aa6756f37b6ca1decd2dd62bf7c1081f8c824ac66a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d7c2c5d797c84bdb0edb2f5cc766e9a3

SHA1
0ad776c271f7fe3af03829a670aecf038afcd40c

SHA256
36f54f0581c4c1fac0e4c3a7d2158dfe23c7b04c7e2f90c77aea1abbf14dd81c

SHA512
80e52e7a7cf447ba92b782bd2bacaa5aa0c67ad56404864946b5a212131b96e312f84ad8debea8090cec9091886ee2e8d9ddee6a82d52a3db7657d6fe5d24a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53300b65f78e065837c2175d2dd1ca26

SHA1
0fb6d7b953a59b6db3da29a948c8afda458428e1

SHA256
dee98664a47b81046bbcb4e8ac8b68a66caf49564ac49327aa7718c507cb6c92

SHA512
bde971c9709bc2bf4cc5e48a3c85c91f4146cf28d90b1c88b019207a7417feb5be608e10713007d192c0e77371a070559dbfee4a9a2397b19c15c6b1b81d1de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
69094db27a37b8394889fda2f5429d25

SHA1
c1580710f5cd6ef030dc55980ded2923b2a96696

SHA256
dfbffb3c74e66ddc209a4554ccd3eaf7300a606018c64f6e7d3a375ee0823e4c

SHA512
ca7f682b91196ba412ea0073899af5ceca1ba6edec446c8f3eccef6328a9dcf11ab721b65ea5cfdd0049b6002596f28f7fd86cf659e1b6569499284b65ee3514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a96ea79413ed012cddf8b71489e20ddb

SHA1
168ba1aae97d901af0d438cb24a5292cfcfbb737

SHA256
55d1225f9228b7233b1b9a36e88e84a20aee2b2de98e526c0986bfd4a12e0acc

SHA512
fdb6f7feb7fb51e2c588dc2f8b3e24c30e36db815eeb0e8b1b4bf5d2999e4cd83d0136ce9b36a57d57ec62f2fdedcb7e985cb8d03f0bdb7d3f812fc535cff7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5850cb.TMP

Filesize
48B

MD5
a00dab10c307d6db18941f035c38adcc

SHA1
aeba8988b535124a6f07ee7f16371160fc0f7c11

SHA256
9509697155992c629247b90f4412f1479b8d016f4912c64e97709e796b926f4c

SHA512
75e2845716960d002b45c823c83e7bd20f3a7d40b4023aeb5012a0702d99ee1271a36895c23597d312c210a08ae80ff526112bbca5c71f7dc81cb2ec230194f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
b29eb066c7fe70719bd19549eb6136d1

SHA1
1b3ade4b2e5626e49a90af94d80944322946f308

SHA256
117cd5efc836b76968f7a985826b7ec07786adda6374ccd2110144745d3873d0

SHA512
04b4964479be8b8fbfe8889adc6bb0a80c4826ca3a0f0de43f60c76d6737a0d7445c511e155cae143d0296ca1fe012895e884f49534e0aa9b8c4d0fa44373fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
195909be4f45714895baaaaa7d26a6b9

SHA1
0bc8bc465deab224cf09ef16631991a72799494b

SHA256
7ebcd83bbdba799300044916b55e6e8c831c69ddd929ad3331ff077cfee7c77e

SHA512
398de73a47755c5496885d8d60c3a673e14598fc0f2457bb3b4a2fdf241e3665bcc5435eb020bbe1b6f0f0795d8a7cb50636b73ed774caada8ec2453928a6ca6

Download Submit