hxxp://tracking[.]inboundchile[.]com/tracking/click?d=1H68GlSwH7sA9iGOHYhalc1mxVUf7YSge82tO5xJYp3au4M9RfmmXy90w7yo14_gF-67WB2xFFCI3s0DUuZYEHIxhveX51ZVHeZxD1dvogP24RlC4hNixSwKNz3GdksLnH1L7aYQ4nyqNakc4ghtk8T-LmLtIbPsRRx0TuhqGml9UTc8NjV114nLwip1QHZDHJ8mSc0BCG3-cHLx_io-XmpP7U5BwfLS1mHHie_bXqdtNQcK_Hv-EanuYGfym1XQAFF30FZ2E99FPZt5MJgsFzs1

Resubmissions

02/08/2023, 08:34

230802-kgl8jaeg5z 1

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tracking.inboundchile.com/tracking/click?d=1H68GlSwH7sA9iGOHYhalc1mxVUf7YSge82tO5xJYp3au4M9RfmmXy90w7yo14_gF-67WB2xFFCI3s0DUuZYEHIxhveX51ZVHeZxD1dvogP24RlC4hNixSwKNz3GdksLnH1L7aYQ4nyqNakc4ghtk8T-LmLtIbPsRRx0TuhqGml9UTc8NjV114nLwip1QHZDHJ8mSc0BCG3-cHLx_io-XmpP7U5BwfLS1mHHie_bXqdtNQcK_Hv-EanuYGfym1XQAFF30FZ2E99FPZt5MJgsFzs1

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354388776637247"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
64	chrome.exe
64	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 4960	2716	chrome.exe	30
PID 2716 wrote to memory of 4960	2716	chrome.exe	30
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4484	2716	chrome.exe	88
PID 2716 wrote to memory of 4756	2716	chrome.exe	87
PID 2716 wrote to memory of 4756	2716	chrome.exe	87
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89
PID 2716 wrote to memory of 2040	2716	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tracking.inboundchile.com/tracking/click?d=1H68GlSwH7sA9iGOHYhalc1mxVUf7YSge82tO5xJYp3au4M9RfmmXy90w7yo14_gF-67WB2xFFCI3s0DUuZYEHIxhveX51ZVHeZxD1dvogP24RlC4hNixSwKNz3GdksLnH1L7aYQ4nyqNakc4ghtk8T-LmLtIbPsRRx0TuhqGml9UTc8NjV114nLwip1QHZDHJ8mSc0BCG3-cHLx_io-XmpP7U5BwfLS1mHHie_bXqdtNQcK_Hv-EanuYGfym1XQAFF30FZ2E99FPZt5MJgsFzs1
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff835b79758,0x7ff835b79768,0x7ff835b79778
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4672 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1856 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2668 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5420 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4752 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1868 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5432 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2540 --field-trial-handle=1892,i,14680273252111979556,2248611965748113644,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b816a86183836b8363b7b88e8f103bb8

SHA1
e365bd69dc30b9c98232efc2d7cef517380179f8

SHA256
253b67e0ed960207f705f795dfcfabfa7a550f0895e3a686b99faa672e2cf8ba

SHA512
e1ed30fe27b6a7b3fb8f547d99619f2d93e15b0be19441424e07f884783846c51bead23996f894010339f253e6f54e168017d8f8499a6e7de337217748bfa01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
202970b50962880e2155b4779eb3e33a

SHA1
688ad8ae6b5555e976aec481cf5649ba33aeb474

SHA256
7d5911c0d33c2db2bc4d78c00ee07f970514821b5934737869bc64824e7c5b4b

SHA512
6b7e91eb8549dcc9ce2f669a0b5fad72e7ae5fb39020f11af36c9ddda27cf392008ce62759ec31d7dc892c1a12a323a44742dab7786b0233ad70aa9b54eabaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e0a32cc9fe2a1fa8155ed0675884178e

SHA1
83579035815f4666908a05d5be042d7a549cacfd

SHA256
d21c0a82b8378ac32406c3013963d3f647379bec5c9cc1180a56b5f5157709f2

SHA512
16d43c33085eaf8f68944aa0ebe6766c34d0ddb66d0c4ca9826545e943221ac63329158328bd8508be3b31cc7e6bb80a7c4136327312b6741a707c9f666991f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
78a67650052628ce06456c7a8311c582

SHA1
5c5ee5b8462b2c9ee35dff521a08344411bb61c3

SHA256
a13afd2cc0e9aa11318273cb00e09a4947314c99b5daa078ede8c7dd1dc1e37c

SHA512
7f2d83e44562883a7b41f5f4cc983dea3ecd641119cc779cc2c8613fe35fd8126688abb47975bebe317c9e357e6ecf4afc9c3ada2a4fd80cc36ab84dd7d94573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a59ee6cc20686d9a5c6871727f98a23d

SHA1
f962e08eaef0f23cf78fa84a54e28784649505be

SHA256
29be7c7c7fe5131949c7b59f6c9c72c72106c747ab02f16874977ee3c9f64f4b

SHA512
4514067a3cf58ecd8ee739b5f26904577153ce47d3d8a242ec7605a02586f9e1168d644e75825d6f3475b1e2a8fef0a23b77092105222f0322a97d78a0874ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2941090aff5dafb1e9349be1e8336bdf

SHA1
8a4d4b45faf8548eeeea72dc76ad82903b604081

SHA256
efd32d5870a6306ad5a459493cb34539ee90a1a3304f8126885cf88a6c76cb6d

SHA512
e3999a63a776363f7e45af35902ec6fe50761285a22652fd1aa454b644c6db151fa6cd6c9daec6fe77f51b9e253e8888b425b380f4c32bf0fe363e163a145dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a41aa84d275f5156cf20995dc6e68e70

SHA1
31ee99291988ed52bdf43abf5509df7f41aee0d3

SHA256
21dff2609df8ea74373ba982d8e7bd70e3d036878d4f854fa048242f25bb9da0

SHA512
93063361062a9779ea6c6b46e3b2b3aa3b0c4d0176d3c047aeed752ee98cb78386cdfe64ae6388dd1d084182ece9c0f271f0e06b8e48b3a39137827753a8b8b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
01aacf7f69d494c20dee127a0a1d23d0

SHA1
d66bb2f6b2111774fc1a8fcc5bcdfa8db9632ec1

SHA256
1fbd2dfaf0985411ae2243381dec22ef628abda4928898481d8c256e3824e6cb

SHA512
f63214857a9d1385ad74e696f7ca0aa3efb7504b1a405d73453ca554671fde6de6e2b18a1557b0575a18b5431588dbbb44cc052d94a30d4141daaa59051a4313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8cde2ff95af4fc0a9c9f958cb44e523a

SHA1
73123cd9264a92f36f52a6211515cf28a7f1c5a8

SHA256
2e08a3e387a515060d15bfa20e1e8e01c6f289b8b4b84cd7d2b6b3944c4c6bad

SHA512
4c1276b7ceca97ab271c3e8dd3c4623806e8619a3a08ba595775e66f5b6d36f58b19f61cfcbb959b53c5bb54748efd071672f7ec699cc4b8e4f9d3609a5383ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1f6e74aaa6462c2610ac40abf026a2f0

SHA1
c816a01524af1ba2d659d517fc117d1c5d1d6514

SHA256
512d3a7f07082afecfe35954456d1f6cba9bd720a6e731f8447c65b9b56d141b

SHA512
9174d19caaa553b93296942072a35fd3a6cfeb8b5d7996de4892d191f840c8bfc43496740c743a063d2621bb5bf922f162c6df1f78742558ac26f5884a94a492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593aae.TMP

Filesize
48B

MD5
ff71b70eb6f8d250ea76455173d7443f

SHA1
ede02949f16112dbc2244340d2c97f8366bbf5b3

SHA256
7e821e860eef405d752ca69ab355528e8336d8eda6a1f0731b02c4346a1f9b49

SHA512
93da32ab31d7283d4be9c2aa3fdb92fd0fb433b33ee6ececa6f4d4ebde10a6a0d7e595205a3fa0fe589a7d8c2624842f3a0c441ee1253d6154498aaf9a8387f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1e595c3f98744b88d07bf003617b4a5e

SHA1
dcab83b23696f4d46b0af0fde3b7bf996d6ca67a

SHA256
198e8944e65a8eaa0da763dc8784a394d746f0517cb01cf1d0ef504cdc72da34

SHA512
0e4bc9af2cdc78e57c8bcc7dabd611246d286306675dd234a5ff1141b35d9eb8666e5f0da326ab36fb13adac5012951d5865bbbf8f3ff826b17acd7a9f295e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
fd985391125165a4b27e6383746350bb

SHA1
98be78059b0788c54b451543fc030f2d1f0f4f7f

SHA256
286288d27d0eaf1667df27702fa5b89cd5285c01f298d4bc90a79b3a1ad9bb19

SHA512
6e0d4644b53af1443c08be400f1fd2d078b60996519e05d7e24e8045d5d3d1efc7aa6cdce12310a5f10a6e5001843041dd9b02dd7fe8925f2c3f975e37fa4b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
efde817035f77050531030af62a515d8

SHA1
1e46ad17be2e4fbfea84a869af3de0cd8eed392b

SHA256
9e678b07cdf59f236a058bd52354bad206cebe8e2d3f9100faf60ab4ded47b17

SHA512
4dbb9eaaccdb10b4846c273904e7dd3eaf6e2838748506d0642f5656af0a26dbe919b5cf840b24c3751507f8dc7cc17702ada64b9f534cefbab91cf1b56c77b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5925dd.TMP

Filesize
101KB

MD5
244d7ca7407d8de59cb8a069ddc387a3

SHA1
31f78733f2feb38ad18c859021909b741e86dceb

SHA256
e803feedd0adacd4f40ff63dd3a942eb85c7caa153cd59942b36baadb6751093

SHA512
616d4518eed53ae6d3b92dc8215e4b2e7fccff00081be81e56943dca0e2be2cc9d0c880d69126d3271b5f35151fecfe4bc27ff303fbef73e95e979fedca392b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit