hxxps://cg9zr04[.]na1[.]hubspotlinks[.]com/Ctc/DL+113/cG9zr04/MVPsY61Z_w2W3lM_hs6qVRvLW65wf3Z4Y88sJN7qyk_G5nKvJV3Zsc37CgGbJW8Jjnth49y19YW8dY5ZX64C6x1W1K08Py8Qf43tN2zVgz-ZrkVyW33JplJ5hySVvW1Mwq8n6kK9zvW2txr_P49TKSJW5nrzDp62LBCXN2T-P_LqHNgJVnHxSx5X7ZWZW3Cb-Nk5Qsrr3W4KLCb-1kMvMcW5x-5W495yHHwW9cLjTn80tFdGW5LYvMz8XrqthVTK62V6nDQH5W3Zbwx_5HRl-HW1Z13mg8JKjxYW5t96YJ4rfcb1W5d-6s41_mVFSW5tCS4F33RMdFW8t044Q2xNtKbW3Rzsj02j8YgkN4qPx2XbzDhKN3LLNRrGw6K-W7M-kXy23lkw5W2MBRTC1hwmJVW6KfKrx2lLQMvW3DstNX285pwgW3tb78G2vNBkWW4Xvffd5Lwz73W8bVx7w3YyhdrW5gb8Dw7D2J6tN8Dtm-mzb4t_W5rGw_D4fmdMpW8m-nM65XM7G63cG71

Analysis

max time kernel
150s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16-03-2023 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cg9zr04.na1.hubspotlinks.com/Ctc/DL+113/cG9zr04/MVPsY61Z_w2W3lM_hs6qVRvLW65wf3Z4Y88sJN7qyk_G5nKvJV3Zsc37CgGbJW8Jjnth49y19YW8dY5ZX64C6x1W1K08Py8Qf43tN2zVgz-ZrkVyW33JplJ5hySVvW1Mwq8n6kK9zvW2txr_P49TKSJW5nrzDp62LBCXN2T-P_LqHNgJVnHxSx5X7ZWZW3Cb-Nk5Qsrr3W4KLCb-1kMvMcW5x-5W495yHHwW9cLjTn80tFdGW5LYvMz8XrqthVTK62V6nDQH5W3Zbwx_5HRl-HW1Z13mg8JKjxYW5t96YJ4rfcb1W5d-6s41_mVFSW5tCS4F33RMdFW8t044Q2xNtKbW3Rzsj02j8YgkN4qPx2XbzDhKN3LLNRrGw6K-W7M-kXy23lkw5W2MBRTC1hwmJVW6KfKrx2lLQMvW3DstNX285pwgW3tb78G2vNBkWW4Xvffd5Lwz73W8bVx7w3YyhdrW5gb8Dw7D2J6tN8Dtm-mzb4t_W5rGw_D4fmdMpW8m-nM65XM7G63cG71

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234585758049720"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 3784	2136	chrome.exe	66
PID 2136 wrote to memory of 3784	2136	chrome.exe	66
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 3188	2136	chrome.exe	68
PID 2136 wrote to memory of 4444	2136	chrome.exe	69
PID 2136 wrote to memory of 4444	2136	chrome.exe	69
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70
PID 2136 wrote to memory of 4388	2136	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cg9zr04.na1.hubspotlinks.com/Ctc/DL+113/cG9zr04/MVPsY61Z_w2W3lM_hs6qVRvLW65wf3Z4Y88sJN7qyk_G5nKvJV3Zsc37CgGbJW8Jjnth49y19YW8dY5ZX64C6x1W1K08Py8Qf43tN2zVgz-ZrkVyW33JplJ5hySVvW1Mwq8n6kK9zvW2txr_P49TKSJW5nrzDp62LBCXN2T-P_LqHNgJVnHxSx5X7ZWZW3Cb-Nk5Qsrr3W4KLCb-1kMvMcW5x-5W495yHHwW9cLjTn80tFdGW5LYvMz8XrqthVTK62V6nDQH5W3Zbwx_5HRl-HW1Z13mg8JKjxYW5t96YJ4rfcb1W5d-6s41_mVFSW5tCS4F33RMdFW8t044Q2xNtKbW3Rzsj02j8YgkN4qPx2XbzDhKN3LLNRrGw6K-W7M-kXy23lkw5W2MBRTC1hwmJVW6KfKrx2lLQMvW3DstNX285pwgW3tb78G2vNBkWW4Xvffd5Lwz73W8bVx7w3YyhdrW5gb8Dw7D2J6tN8Dtm-mzb4t_W5rGw_D4fmdMpW8m-nM65XM7G63cG71
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb8829758,0x7ffcb8829768,0x7ffcb8829778
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=292 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:2
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4680 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4768 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4940 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5200 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4584 --field-trial-handle=1812,i,6031582764471641618,16507251630881620908,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
160KB

MD5
67145d1dd8c7201ad506c8734df41708

SHA1
9f10d87858deb8ee394d47a6268494905ee9f0c0

SHA256
e0ebeeb232953726660519b937e1cadaf1cb2461e8c044044ff2e9a481f085a0

SHA512
cbf26927e90100331eb8cb94bbf4da6ab431e7dc4919ca6068e672cb07b2d938351d502770433707e98bbc506297fa221dced4fbaf3af92d281da7d18f80c95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dd4df9023ae75d4ff653bd7a10236acf

SHA1
352c75bc5204bef8dcc80e46cb2b8e3263c1e2c4

SHA256
f98baf0f2cf2688916c863e84363b709af265cd51af53357714540d6927003c6

SHA512
f697861501abcc2de78c81208dd026b7e6b5c2af18de95bb55bb5de217376c32e00c86281d3c94ec63cfd6c0609ef5d75d7455a0580739953625b51c6697ec6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\85edf314-1e4e-4d30-b7ea-308413e03e7a.tmp

Filesize
3KB

MD5
d2479e002384e593f114768094217e21

SHA1
d475afba40f02f290d45fa66254fbc4f9c93e803

SHA256
e7ab8a67a60f02058e8e6dbe1ad71df4a15922e5244d0d2d992bd59620fca3da

SHA512
95e3b3f46b4f1963f9d4fec6106ed7ce8eb0621f57779eacefada00fbddbc343cee05b3c2d5e878957fbaa55fcc5cd37ef95159261b9d5d123531d8a3470f5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1a648ae4e29c6381ebf9705f4ccf7d41

SHA1
6377b58485e16edec01bc831331d582e5ac1884c

SHA256
50386ea2f9ebf84d105d7d8ce6b56a5d48816aee5fd9c0f6611b2273b9ebb338

SHA512
874fe6e7405216ff9f497420dce2343e3ffa5b1be4bd8ec16af8d841d4790562fb41456605cf787b8986ce7855f6e422efd9fb512854692452bd52b22d0b7c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
321e9c8949cacfedcbb88a9e37c6eb7f

SHA1
7c639225e081210b4b722300173eeeabc5342a33

SHA256
bd8706558c21b8a333603e38f72301a39841c758a6d6af6a78ee872ccd566343

SHA512
92c3af5e8514b427a95fa13431de0ba9c9495d1248d5c9be25da61bebd484222030c75819af01828fb45ad8479d9ae6c239625ffe5a0eae0c0d2b5af8d169da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
acc39ad074b362039a87f5a841d28606

SHA1
03f38b4948a7cab0b053b87cf4588141a0cbbd44

SHA256
49d343f02ae20d4fed9e4d4019827e7ff8bba3270afd5725dc07e9bc729db697

SHA512
27f9b37334b94b192e9296a6763299ee39d60d7408d8f5dfe9cf058ee2416f22edd70d1ae2111945c2a16e8db95b26419f70c27af348ca4a0ac64279bd9d72a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b64d7bb3eff2da4c7ca9a674452a2430

SHA1
917b52229dcb84ed653bf59e0ae0b9ed23bd61e6

SHA256
6b5bea2bbec2076c573ceb674477324a49151d8ecac0a9a54d95f76f2872849e

SHA512
4279c7227f35fce17e3f860f1e7ccac8a21ba49ae2f29485ed26c2536815297409088da395e57e228248e8c5572c63b152670badf2d13a45c60b5948adce0399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fbf4908e03c4c89f9ccc26e5dbfd5d28

SHA1
85569c39e01507979f5588095a79c96d75cb4280

SHA256
21f2fc84d540abb4fdb819a05279e1f88620f33ea83c6686a921f9ae63a1b633

SHA512
3bb2d4c90ffe87c9a8599a8315eb533aba597cdcd07029a28ec624b92c8b08cdcec616f6be195c6522bfe37008dda34421862e996c092e68c8f9aef68a8c1288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90933927e3026db8720697faf499d039

SHA1
136667d37791c15407bd11526358b8fb5dcf8ae3

SHA256
8536a010a06fb09baeacba40c8213b70d13c172450a24927dff214937451f100

SHA512
6de7968ca8eaf7d814186574a958abc01eb36ef7907c166d01fa3a33e62fe0fe498610891c68daae9b690a27af009724ea184254ec3a89036a1d6eeb8634ebf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
cb3241dae8f6022060651ddd3dbecb87

SHA1
11af1be7fe86bf6065f6e44cff319b77841ba0b6

SHA256
3cab0677ed22ed39d3ab3584d3740aa642cb9027ecde7a5fd641342ec8e1feec

SHA512
471e38ea907861625e6b5106d98ce5fb5e03c08639a2c8a4e79015de04404ca8ff117e8897b67c6c9ff1404884cfeb67e26c5189a97b3af241c82ea5960eedbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
d4adec194a3d10667f1ba04ab61de8ab

SHA1
ce14379d04139b58aa085c2c0521c1c1f8c6bca6

SHA256
436b5bae640b69fb2ab26e4a96026dcc492bde06cfd7b6da32181a8e83f1d3d7

SHA512
9d2aa59503d8b03b5d61b8aa3b131588f353aaddb00f5d0e48985c074a4d6d42ffd944763a7c20c83ff2568396575b9ed81c1fefc4b353c2ae95f89477096206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit