hxxps://gzmzl[.]app[.]link/OQIpWVfiRBb

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2023 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gzmzl.app.link/OQIpWVfiRBb

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359714122787206"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
1676	chrome.exe
1676	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4560	4644	chrome.exe	71
PID 4644 wrote to memory of 4560	4644	chrome.exe	71
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4968	4644	chrome.exe	83
PID 4644 wrote to memory of 4936	4644	chrome.exe	85
PID 4644 wrote to memory of 4936	4644	chrome.exe	85
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84
PID 4644 wrote to memory of 4408	4644	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gzmzl.app.link/OQIpWVfiRBb
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff929419758,0x7ff929419768,0x7ff929419778
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4868 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3360 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5012 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5028 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5004 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3204 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4876 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5148 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3364 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5404 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5340 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5288 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3748 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2740 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 --field-trial-handle=1860,i,13485308413178110815,17931986804719115752,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
896B

MD5
0c3adb1c37d6a26900567ab064e1a589

SHA1
df8866500f688d2c3a011f8a3975147a0c9bc90c

SHA256
ac406abe90d36c8b617b377834b83341ea171d1e1f7054dd9d6b7da42cb82886

SHA512
acdbc84dae130bb0312f9b650e33305b0ea656577f4839048da2d534596f2bf5541b050048ec3f4ede4dd4adadd318f7cc2de04d407d84fc5b59fe15304d987b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4d45093439c541eaa71fae3257b09783

SHA1
8c3b05df296c5c53ff64d7babb9777e2a5823926

SHA256
e16d01a11c65ae71f3fc6c9399b41e76d70d1bc8133e2dfdf2b3c996c21ee378

SHA512
f1b8ff29a87c602d9c62226596bec6fd2d23cb765ae0d50786269736ed54de2b5ddd923e1d751ebfd267701c59fc0c0d309d35f60bd1817509a3f76b4b8c2def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3b7e90ef8d5c9f4c45518f46f23a3b88

SHA1
593e3541bd8c0c5798cc9dceba8f4e9105634de5

SHA256
9cec3efc151fc9a67866d73cf6dd5951d764344d26e960c22cc83200f259b838

SHA512
d316272104747edc8398d8f7d9234d0a371ceb3eb35166da1ae5b74324efe26a1c16967968c3ed2dad86dc99a4efb5877071b36b1c61e61404b1cf69f19faf75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
214b82449987ff7f07e2a399c0425ca2

SHA1
7ee13b28bfd48176078d7ab4cb2282a322783883

SHA256
a6284c2c9aeb3c49cded7479a2d5f99ffca7531ac4610500bd6089fcb1b5f70e

SHA512
bfbd0224b962f32ba1c875e61bd8649444cd0019f6e7f63f26ae7293f81fbb3a943dc0ab731d5bbe7eae4afe2f8302fac4a918766df39bdc2ba6320da5215637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
bf42e207d9a5d3a61a0aa896ece887f0

SHA1
eeacd38baa1bf63ba75d13a63c3dcfd3fe9cb1f9

SHA256
8f23d854504b9e72d433dafa7ab3444e047071ce63582a5f5eb14a8858a5a2cc

SHA512
63c11cb457ca15b48a4a6ed320b8ab99a9a0e28af3ff82e4098d81aaff86e30214d43f3397482ab97b0c5606997932ba474e75283c497b0b742095647ac83ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit