hxxps://mahrea[.]clickfunnels[.]com/optinggdl8m3z

Resubmissions

03/04/2023, 15:36

230403-s1ydxaff54 1

03/04/2023, 15:33

230403-szaapahc81 1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mahrea.clickfunnels.com/optinggdl8m3z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250169870392903"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 456	3932	chrome.exe	83
PID 3932 wrote to memory of 456	3932	chrome.exe	83
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 316	3932	chrome.exe	84
PID 3932 wrote to memory of 1792	3932	chrome.exe	85
PID 3932 wrote to memory of 1792	3932	chrome.exe	85
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86
PID 3932 wrote to memory of 2676	3932	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mahrea.clickfunnels.com/optinggdl8m3z
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadf309758,0x7ffadf309768,0x7ffadf309778
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:2
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5096 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5744 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5980 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5988 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5192 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5176 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5816 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5408 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4532 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1856,i,11339003243757307719,16929592161470783760,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
16e1e15ac6575e5c5f4987b61567c286

SHA1
4940c2533e24080cc4ba892454d8237aaf871b3b

SHA256
c54dc4003f55000935834bcb991882482716c1fcebda67e5fdd2f49b9eef2fc0

SHA512
89e1fea5503f5d40a027db4d7806c3c49d6645b49699803342e413bac4fab3a62e759532b5e36d8dbb156b93fc5a7e46e4197d507dbb1ae6ad3b7ed3e7a4b980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
43KB

MD5
196da7965a81162386891cae0bf9683d

SHA1
0769cba17216d33de8757523246bdbc8e3094e11

SHA256
a24356352188f108c441912b53826690e0d031c30bf3eed4d11013a00c94c4d8

SHA512
effeef76f9567342776c871b974d07049168c8b8291ebb98071af328485656beb9f9f283fbae190267376df93b083e19a4a8175546ca6237a813424ccf74678a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8857f4c3152653f5d9390646e5135e0a

SHA1
d0689130201fe4dccfd03887f10c08e7f5087eb6

SHA256
abf5fbcb0492c772e98da919e8beac416ebbfefb6ffff44066cf37d2f5cdbf7d

SHA512
89ae88e86fb3134df4e648a7c6c1347f2371e1e539d9c96d3f0e249ed3eb6de91fb0ab56103a03ee82a7bef8d304e78c76122e5f7d620020c6f994943ba429ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8bdce2ca0c76e5b1795c197ff7aa3740

SHA1
147c2d94919775261a344f142426a121a89d45ab

SHA256
ec4cde8b1cb1ea9c849daa837590ff2a48364848e8c5ac347e1aa30d1b5869fa

SHA512
bb94f65426f30c5558e8fe224f5424b643d9d276b91e63572e948ea946987c9cf42e55e2f0c67198062761203280cdb8cac35497e823c0a58e9d82d22395400d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
54c08287f94d99c78e6d6a4aab85101f

SHA1
affaf87cf46bbf20e6aa5c00cc2a09bb550d28f0

SHA256
3cf6c174fb09b7a02967008cddfdd8ad47097f82173bed75c100048555a29b6b

SHA512
b1593d5222ed608d0c60b72ffff5c1d1101278b960c270b57bc55f4ca0792f735d44e74be06d77bb7c5327061091a48b65de433a07d3d1de56978bb5a057679a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
b79758573e409fc83a197b053a01aab8

SHA1
b3146bd366c5f047761eeddba931c014592b688a

SHA256
3596e36dd0c2012ad798d2a49c5cb3498dd0fba49133268db14bbc516732bf5e

SHA512
f39065505179a2d23ea40c7f1c2318365c0268047ea25ca2d21735f27507fc432012c3bc76cccabeb20c8e3d5a63ee0fd88452ad8b259d69c108cc7b6b9c1a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcab44e8a34a40df46680c899549c3ce

SHA1
f96f0d46757806cafa9bcde36295469709b21768

SHA256
e6db942048579e189d8dd0d2aad6f5179fa773add05ac66deb9e743b1df3e9c2

SHA512
3821c1a9975966fe070f28190723c75d04e95e1921c07c280c24833866a6672a00013de2e362dfd893a1a71bd5434c3a22e161b6e68682325119a7544dd2dfe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
655d63208b353256714009ce6041c747

SHA1
94aea7c891722a1e42df84e3ade412aea4df292d

SHA256
6331558aac3b215706e015c33c911394c3cb7aaf4d219e0f0a625e08e4aeb847

SHA512
d5bc3ada854c938989641c02cfef7875b1a1c7c511df5f318080459c5d3e2c2e854e24e181f837b06b8c31f00861256937f098cf70eed808bd2324a4f6aaf523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6d19ad4112122d4edccc31088ce8ed3b

SHA1
4a0f46fa807c3948a0a26b89eeb9df256b29a6ca

SHA256
2cb21d8d346922250e2b582cfc25f7f0ae9b7b19466bca6d206023995c561b22

SHA512
36415fc349b324591a95d2e13eaf5d47d91d3f24c56e8c17a850b8e41be929164ccac77d3d8571ae4d2f1f7a801493b5608d688ecd98ee75659fe125c006e33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b2ec6317f5c0def24213524895c96cc2

SHA1
9472478cccf4cbb2970eff8d7e57fd3dd39aade0

SHA256
553723f2d7b5304af9dedb83e569b3c5344fe8332d4672e6d88c2a9e6b60ed56

SHA512
d15f9a2a0a87a95accb659cc67dfe8cbfe36d96c10d6d76eaf2ed53b3f1ab579517e4902613cb490ec0ad2512a3eb2dbe60c2a81b1b4bbdba302fbfd810278a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b81951089d48de92359a5df9764d5c24

SHA1
54ee9b0077fb54d9e5009a62fd623281149af111

SHA256
15edb1a375a9f2a2aeb963d92f9866219497c1c33fd9b05bb35e07451c155d00

SHA512
cca283cfd1b45f80eae555d41c362c3db3f3e73eb0fe9ecc34032e199270715cac6155a74757318bcc529359b4b417d969cf8d41d281848586f19bab37d4641b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ce3ed03dd1048b11bd6e71a0c7a1a9f8

SHA1
a2259a4d593db849b6d0a5e79cbcac98dbc57d11

SHA256
d7b3501c2a87136288afeae26f04cb65a96c745c6230dc71e6d44d4854468d42

SHA512
9798c1496e24fd4fc9b65b602f214829c88dfb52c52e46ce0790ba8b530b2429c663e0a0dc977e285224b00d82863839d671a23c49179b44738cb780974df3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
208dbc5cc1f8ae253e0a433af82da04d

SHA1
3727ad7d44b289960b57dbbd51a0ac42abd181b2

SHA256
b594838b82b88a9bc83d41d25a30f6f58471e793b9dfe48c891568905944b5e4

SHA512
10da9b856c221af2156466c7c473bb4026517e351ba09dd03eff5f5196e20a69a9b52dc45071cb365e28fdba87bb3c8e0adb6463fa41e4dfcf1800b6ace594d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
cb2055db859bef778397a5e19843d374

SHA1
7001fab39bc3f28b30db58b18d7e562927470555

SHA256
b7cbf51a9e966531f290db61a3b018c8889090bd7b20c02182a07599fa3027b1

SHA512
369c37cdd55923dfa7dd788e16bf98e79a0f1d083a7bd67ea01663ec4e467d0989e0194614ba1783fe532bc77693c422bc3f9baad213584e04628024d45ab0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c801cd2bc7a6646763c4120d013146a7

SHA1
f7ad32a5491d93e3ed37c6fab6935fb20ef04e72

SHA256
b81fe6be926aaed7be5c433e02be00b8b344d467b635cae961ca945142fe2dbe

SHA512
fe73cebf61a899dcffaeeddb586da99709c81e1acc76766d16a25c0b07296946175e78663615fb3bad23a1088f810cc237fd5866fd17be4898c5b2f6047b86a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56fcd3.TMP

Filesize
100KB

MD5
23f4bee120ad0dfac3e7abe3ab3e33d0

SHA1
665af20fe73b56bbef355a46da73fb834333ae1e

SHA256
bebb5e3b6b4b3cd6f75d2e7b771230d45bf0f5d1bc9994d77d905ee9bb8899c1

SHA512
a5d216a50607b86f794ae6adeb342141b6005da578ddf9a93c8fc9d4249ecb582917634bcd40aa289a78f5f8795e3bd8e21c89684386e2d3f13b56d196aefa2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit