hxxp://links[.]notification[.]intuit[.]com/ls/click?upn=n1D1vNUf2DDfuFJ7P-2Bs2FOjggKQQ40p0FkC-2Bz2D1trTjUxBswHbIwXnSGdD95YX6-2B4N1701lJdBFYH3-2BiUm8cg-3D-3DO483_kPF3YZJB72H-2FaRDalFfzG5Baq4wPUyBHzafPaHBjtkD5DNNxDxjMRCe7gaaAguvDei2UfdQaP8Uq7Lk3NQHJfqBtHMQtHTjS-2FHq2Qg-2FcwdizHoX4Fh-2B9j2oQLghQBw6DPk8Ydp89aEdJZWPFwgJ6ZZWnRXl6j26F7kUWZnppd9cX5X9-2BuVrkKV7flemlPGaj7Cz5sXW5OdeELoly5M-2By6Wy-2FuH9jAWQAxYPHae3V-2Fb-2BLdgRmT-2FQjQBvU-2BJYgoRZBLAx9kB6jxHoODHUBfq4LtlZxIzCIoecX2V5IQc6SsCShYT4QsgK4q9PKcSQLC9xnfMUiW4MBX8VcbbMl7lmYiPAP7-2FDeuQvYv8h-2BscanYrscSUFsAtlnjz47gnn9rhVg7HLxv0PI-2BuShTN-2BIn5-2FFkQCft8ZwAir7XhrDy5BmTAlkaS7kJQ1jVrqFeMszLXk6u99AdESOWfgavWT-2FjnMsXdWVMwlRI7RP3gtMU1m-2Bi01rFJWAhQDE7dYdPMaVZDXi2Ipho3pPx6Xu4ateW0t6sXdOMLzy1ROzYRRFYtayJ6QA11-2Fby87EarJD9CZc104dUstiqPdH8L-2FwgSzFrMxNTMFmIDcsJK74hzdheUPqPwaXZVICF5GVixJ-2F8GJW3lk1FKZYOFCFgMueKuxV-2FcJ-2F9cn1VMZ8zFxEEhvA3iUoeiI-3D

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2023 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://links.notification.intuit.com/ls/click?upn=n1D1vNUf2DDfuFJ7P-2Bs2FOjggKQQ40p0FkC-2Bz2D1trTjUxBswHbIwXnSGdD95YX6-2B4N1701lJdBFYH3-2BiUm8cg-3D-3DO483_kPF3YZJB72H-2FaRDalFfzG5Baq4wPUyBHzafPaHBjtkD5DNNxDxjMRCe7gaaAguvDei2UfdQaP8Uq7Lk3NQHJfqBtHMQtHTjS-2FHq2Qg-2FcwdizHoX4Fh-2B9j2oQLghQBw6DPk8Ydp89aEdJZWPFwgJ6ZZWnRXl6j26F7kUWZnppd9cX5X9-2BuVrkKV7flemlPGaj7Cz5sXW5OdeELoly5M-2By6Wy-2FuH9jAWQAxYPHae3V-2Fb-2BLdgRmT-2FQjQBvU-2BJYgoRZBLAx9kB6jxHoODHUBfq4LtlZxIzCIoecX2V5IQc6SsCShYT4QsgK4q9PKcSQLC9xnfMUiW4MBX8VcbbMl7lmYiPAP7-2FDeuQvYv8h-2BscanYrscSUFsAtlnjz47gnn9rhVg7HLxv0PI-2BuShTN-2BIn5-2FFkQCft8ZwAir7XhrDy5BmTAlkaS7kJQ1jVrqFeMszLXk6u99AdESOWfgavWT-2FjnMsXdWVMwlRI7RP3gtMU1m-2Bi01rFJWAhQDE7dYdPMaVZDXi2Ipho3pPx6Xu4ateW0t6sXdOMLzy1ROzYRRFYtayJ6QA11-2Fby87EarJD9CZc104dUstiqPdH8L-2FwgSzFrMxNTMFmIDcsJK74hzdheUPqPwaXZVICF5GVixJ-2F8GJW3lk1FKZYOFCFgMueKuxV-2FcJ-2F9cn1VMZ8zFxEEhvA3iUoeiI-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133269293336293539"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 1700	4996	chrome.exe	83
PID 4996 wrote to memory of 1700	4996	chrome.exe	83
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 216	4996	chrome.exe	84
PID 4996 wrote to memory of 1760	4996	chrome.exe	85
PID 4996 wrote to memory of 1760	4996	chrome.exe	85
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86
PID 4996 wrote to memory of 4904	4996	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://links.notification.intuit.com/ls/click?upn=n1D1vNUf2DDfuFJ7P-2Bs2FOjggKQQ40p0FkC-2Bz2D1trTjUxBswHbIwXnSGdD95YX6-2B4N1701lJdBFYH3-2BiUm8cg-3D-3DO483_kPF3YZJB72H-2FaRDalFfzG5Baq4wPUyBHzafPaHBjtkD5DNNxDxjMRCe7gaaAguvDei2UfdQaP8Uq7Lk3NQHJfqBtHMQtHTjS-2FHq2Qg-2FcwdizHoX4Fh-2B9j2oQLghQBw6DPk8Ydp89aEdJZWPFwgJ6ZZWnRXl6j26F7kUWZnppd9cX5X9-2BuVrkKV7flemlPGaj7Cz5sXW5OdeELoly5M-2By6Wy-2FuH9jAWQAxYPHae3V-2Fb-2BLdgRmT-2FQjQBvU-2BJYgoRZBLAx9kB6jxHoODHUBfq4LtlZxIzCIoecX2V5IQc6SsCShYT4QsgK4q9PKcSQLC9xnfMUiW4MBX8VcbbMl7lmYiPAP7-2FDeuQvYv8h-2BscanYrscSUFsAtlnjz47gnn9rhVg7HLxv0PI-2BuShTN-2BIn5-2FFkQCft8ZwAir7XhrDy5BmTAlkaS7kJQ1jVrqFeMszLXk6u99AdESOWfgavWT-2FjnMsXdWVMwlRI7RP3gtMU1m-2Bi01rFJWAhQDE7dYdPMaVZDXi2Ipho3pPx6Xu4ateW0t6sXdOMLzy1ROzYRRFYtayJ6QA11-2Fby87EarJD9CZc104dUstiqPdH8L-2FwgSzFrMxNTMFmIDcsJK74hzdheUPqPwaXZVICF5GVixJ-2F8GJW3lk1FKZYOFCFgMueKuxV-2FcJ-2F9cn1VMZ8zFxEEhvA3iUoeiI-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbfbc9758,0x7ffbbfbc9768,0x7ffbbfbc9778
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3400 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4836 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5220 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3436 --field-trial-handle=1796,i,9831519765884499485,17990279113491753008,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\47d41ff3-7433-471f-a6f4-6ba7ae2aaa35.tmp

Filesize
15KB

MD5
c6959fd9d9f78663337a3be47f010ffc

SHA1
36fbc6c0f2da6e0966861118ef2c986511781e5c

SHA256
3253bc7cbe024b139fcdee49dbfacafacd39c6bfcc3ab61c6ad4981cffc09a59

SHA512
249929e83868be1b5928181e25dd45dfd83dffb21308feb288e46c8c521d2a45785ba71f0722344f12b5b48374734a743a6f9a8a51739dc0dd22cede8f2113cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
41435ee1b7448e67cfed020b812ae9e2

SHA1
a7564e9baada501ff21310d3ab3e05227899ffd7

SHA256
5efc61236b768d86aacb94ffa1d54e75e78f6340ac9f349b9ad146b4719118c4

SHA512
6fdf800a21d0a5aa2532a686de9714cd0352abd7f400f35039b109cf06854a8ed9a0c5b6f6fe7838164a35825a9b2fc80b665791fe6c11c684983af56b1629ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6764e8d5eaf3d97d7f88f811f72883d2

SHA1
886de81d5bddb46a915300989006217294fe0048

SHA256
bb6a43c64ca835945fe78d8d9c3321d3091c139a8baceb0c0ec8b1fc86c4d33e

SHA512
039aae4f246fe800ba07ed7723ebc90a65f268565c98e1f5a3d2f204e048a971d3ed3558b5455281f37c1c534b4dae98fbfac37b2ec778b3193279457b9ed49a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
83c7083309ee8e3a436db636144c124d

SHA1
bdf30bfb065257c5a30307abe3ecf0465549c50b

SHA256
706cdf1c94eabfa7fcd81e051dc3effc546618a58cad9a1a89ac2f56b31e8ed8

SHA512
55a4efdef7710ca322a7c58f5512741a0ba512f861e7fc89fad8401b6a7f6c9414831f29ab3aa67ae122c3534450f620d64328f27c6670a69fcb7be8bf67168b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2d5fafd34114162134af4cd8d6496a61

SHA1
dbb18c90f3744cf8674dd1fd152458b937c29158

SHA256
73488b71f7a35fb683b272c85174d6784e0e9adb3aa9abf8478976b66c078c04

SHA512
14b0ac32b4cf0e863f47609b0c5c59e6490ccca85d02261eb5332eec6bc76607868b2f8cc1a116d9119c6f60e3055ef189f0c6898f34e899898f20f719ba2a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42bfcb7f79a2246d24f05b47cb59c19f

SHA1
4874b23bfd556008f061512945c5259962655865

SHA256
16fe011c84c942bf7d13f9a385d4a4e7c963221481fc95e7a47cecfb7b70877a

SHA512
b1ca06841182a59ab70a4a64557d15ca8c02bf2c6812a08ea7002a1028512b1b97efe5d513eb8c6a2143c35d87cc5296803ac210adcd7fa4547c97bb17013319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
41f30ffde81fa2b37be1675be02be202

SHA1
8f0258705e57d9d6b49a6ccf8c3cb989c9f7d58f

SHA256
5aa918ac0ce5489fc7874ef0f290f1777f05e9f0890daa915556a3f5cc39e4ce

SHA512
7981be1d5e2486ba2d4aa85719f8e18e09c270afc4d50cbcbe55b58ebae6e54853c0a61c089f89e897fd3c48605e41a80bf55cf7935fdfe72d36872ba1aa7e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit