hxxps://t[.]rdsv1[.]net/ls/click?upn=0B2ahlwnC7rX094VOW1QMZL7XMQvYIy7iIlfhf1hYc9J7-2F8OKRg41zuEbnv9fO4LDqjDlgS4gf45wWrsnDSMGytyIyxbt9hk8Fd-2Bi13Ma8zavG16nAOSWO4cg4sX3RSCOjTEtkU0VIgJlC4GFEq7bra5BfS3X0CR7QY6MNiNjUkYDgcvCjtACKM7ueuws-2FU-2BOIGWJ5VUWYqNLnEWnFXOzfoNOJytz39eqlKLczrGF4fY3H-2FPPXOSRyI58wUcSY3XZCWq_-2F1NA3ECpraoDvor5b4IY4U2w5l6Odcfz9M7FzmxxTcXnSlIuKzAn7rIpAM4XdR1YRaJcdLfifwXrQjmq8wv3mb6KWKTHrVz-2B-2Fdv8TY3bbLMntgNz3-2FqCtNRR8utuj06CVHxpcdIMRTSYIxZtOclSrnXPJCulCwfKZIwDyUEvGHwfoHLYv5wZvDOuyOkbZ9uwf3xLZHL2nao68WhOsmcgncwDTSNdoKkZO-2Bddy7C0MAf-2FjpTHVQdcA99T3UfuKIxftI9JF3dtNjN2AHCk6eo2XDjufoSehdNQZokw-2BmW-2Fbu3gyCUCsHU0iqo47Wnm4dUlRjH6PcBuA1NlTAR7YithH-2BAlbZxHpETHWP8V2c3vbq0B0143Ye1dQvQuGFd-2FOZSEfUgXpaVz5gNdg8NHiw8QFwRoriBgH0-2B4cbvnfu6A26m7PsImBMNkartAhUkIFkppzLzilQoBOohGSK1ekdNfQBnZRuNkBmCA06ghnsi93iVdnHMXdUVB6LYJYxGtI8hL4TrEczfn1sVasGguYwUy-2FjLlujOvhf8P1pPvlPdZ8lIP0BdYcGh5K0BtnR-2BlURsPVnb4EfNcGzXR-2FJ-2BUTcv0OisaiA6MSfipryCofbzpIwkbjklZaAzQITajAf9Wd4weh1bdtsGS1nPSRQ5U32jnggQh9ROkjYP1uR2WfMJcRfatPUUUt2b6PBLtPIspIteG

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.rdsv1.net/ls/click?upn=0B2ahlwnC7rX094VOW1QMZL7XMQvYIy7iIlfhf1hYc9J7-2F8OKRg41zuEbnv9fO4LDqjDlgS4gf45wWrsnDSMGytyIyxbt9hk8Fd-2Bi13Ma8zavG16nAOSWO4cg4sX3RSCOjTEtkU0VIgJlC4GFEq7bra5BfS3X0CR7QY6MNiNjUkYDgcvCjtACKM7ueuws-2FU-2BOIGWJ5VUWYqNLnEWnFXOzfoNOJytz39eqlKLczrGF4fY3H-2FPPXOSRyI58wUcSY3XZCWq_-2F1NA3ECpraoDvor5b4IY4U2w5l6Odcfz9M7FzmxxTcXnSlIuKzAn7rIpAM4XdR1YRaJcdLfifwXrQjmq8wv3mb6KWKTHrVz-2B-2Fdv8TY3bbLMntgNz3-2FqCtNRR8utuj06CVHxpcdIMRTSYIxZtOclSrnXPJCulCwfKZIwDyUEvGHwfoHLYv5wZvDOuyOkbZ9uwf3xLZHL2nao68WhOsmcgncwDTSNdoKkZO-2Bddy7C0MAf-2FjpTHVQdcA99T3UfuKIxftI9JF3dtNjN2AHCk6eo2XDjufoSehdNQZokw-2BmW-2Fbu3gyCUCsHU0iqo47Wnm4dUlRjH6PcBuA1NlTAR7YithH-2BAlbZxHpETHWP8V2c3vbq0B0143Ye1dQvQuGFd-2FOZSEfUgXpaVz5gNdg8NHiw8QFwRoriBgH0-2B4cbvnfu6A26m7PsImBMNkartAhUkIFkppzLzilQoBOohGSK1ekdNfQBnZRuNkBmCA06ghnsi93iVdnHMXdUVB6LYJYxGtI8hL4TrEczfn1sVasGguYwUy-2FjLlujOvhf8P1pPvlPdZ8lIP0BdYcGh5K0BtnR-2BlURsPVnb4EfNcGzXR-2FJ-2BUTcv0OisaiA6MSfipryCofbzpIwkbjklZaAzQITajAf9Wd4weh1bdtsGS1nPSRQ5U32jnggQh9ROkjYP1uR2WfMJcRfatPUUUt2b6PBLtPIspIteG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379549230531690"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 5088	2904	chrome.exe	84
PID 2904 wrote to memory of 5088	2904	chrome.exe	84
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 3224	2904	chrome.exe	86
PID 2904 wrote to memory of 1260	2904	chrome.exe	87
PID 2904 wrote to memory of 1260	2904	chrome.exe	87
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88
PID 2904 wrote to memory of 5060	2904	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.rdsv1.net/ls/click?upn=0B2ahlwnC7rX094VOW1QMZL7XMQvYIy7iIlfhf1hYc9J7-2F8OKRg41zuEbnv9fO4LDqjDlgS4gf45wWrsnDSMGytyIyxbt9hk8Fd-2Bi13Ma8zavG16nAOSWO4cg4sX3RSCOjTEtkU0VIgJlC4GFEq7bra5BfS3X0CR7QY6MNiNjUkYDgcvCjtACKM7ueuws-2FU-2BOIGWJ5VUWYqNLnEWnFXOzfoNOJytz39eqlKLczrGF4fY3H-2FPPXOSRyI58wUcSY3XZCWq_-2F1NA3ECpraoDvor5b4IY4U2w5l6Odcfz9M7FzmxxTcXnSlIuKzAn7rIpAM4XdR1YRaJcdLfifwXrQjmq8wv3mb6KWKTHrVz-2B-2Fdv8TY3bbLMntgNz3-2FqCtNRR8utuj06CVHxpcdIMRTSYIxZtOclSrnXPJCulCwfKZIwDyUEvGHwfoHLYv5wZvDOuyOkbZ9uwf3xLZHL2nao68WhOsmcgncwDTSNdoKkZO-2Bddy7C0MAf-2FjpTHVQdcA99T3UfuKIxftI9JF3dtNjN2AHCk6eo2XDjufoSehdNQZokw-2BmW-2Fbu3gyCUCsHU0iqo47Wnm4dUlRjH6PcBuA1NlTAR7YithH-2BAlbZxHpETHWP8V2c3vbq0B0143Ye1dQvQuGFd-2FOZSEfUgXpaVz5gNdg8NHiw8QFwRoriBgH0-2B4cbvnfu6A26m7PsImBMNkartAhUkIFkppzLzilQoBOohGSK1ekdNfQBnZRuNkBmCA06ghnsi93iVdnHMXdUVB6LYJYxGtI8hL4TrEczfn1sVasGguYwUy-2FjLlujOvhf8P1pPvlPdZ8lIP0BdYcGh5K0BtnR-2BlURsPVnb4EfNcGzXR-2FJ-2BUTcv0OisaiA6MSfipryCofbzpIwkbjklZaAzQITajAf9Wd4weh1bdtsGS1nPSRQ5U32jnggQh9ROkjYP1uR2WfMJcRfatPUUUt2b6PBLtPIspIteG
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd1c39758,0x7ffcd1c39768,0x7ffcd1c39778
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:2
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1856,i,13549916083792768894,114775739740205994,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cd7cab2a529253fb425dce3bea22b28a

SHA1
9ddb10fa9cf8b5b8e36668c60eefdd69301ef6a0

SHA256
5c0aa50404f558fd7ba9b86756e79489ea8ebbfb319db9ed4d90c44449a087bd

SHA512
c90579c8839a83375b6d8bf6285fa37c36930a7b1ac4a41a4f2327ed0851d45c727200b2196821b7e177bb56c663abe9d84f45982d4b0e77690b917a078f555f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
188deab871c23bff9ec21e47cd19bbcd

SHA1
ed3ecdddf08f4c5d6c9c50f5a27e8899b1a87d02

SHA256
db9614fb45d0f4b2ffd0d63f5ea273bd97674129e3bcbc4d38118ee5f13db95e

SHA512
4692e78cb0aad0e5cf4616706160ee95e00560cc23991e522a9b2daa27ae3f165daf14208e7facd9ab8ad7d221b84867f048f6ec6632b8ee2853b596f361bce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c6b1ffc1d9a513ab368a0d62e9afd8bc

SHA1
4e276e591c4181c864a77555b68b2b9540f73ce9

SHA256
287764a8f87b917d807d9342c7d0814c3c4154d81205049f639fd5f226a2087c

SHA512
fdd38a098e8806f780d7791e292737bc7516b7695479d8884eca689a0df0950f4d97fdadbff6cf52ed8612265843a5c46cf0e64d704945c570b39dbbc91ccf22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b867629007b1673b2333279f18489eba

SHA1
0806a2163e4c1619c34fda4dee3d080544f0619c

SHA256
3ddd1c0110056f866046b1fffa57d6b8b65a9f8801efcfd26ff837eb3e36b392

SHA512
ff3643642dfdb898c4b0ad7fe1c09c1deb6fe02f3685ca749e72bf96b4be0551e732b666e31e966ac09092cad00b9652e870eab02e3c56f8fda1590d95d61ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1546861b1d85573f24abf90d8a78fb0d

SHA1
db9e45f83d21417610713ce3890102f197ddf9c4

SHA256
a2d86076828f98ae29bab8fc609d89420d394d79e8cc52e821f31dadd172fe91

SHA512
a86a323183d7e9029e1902b3b0f79da6b13fe67b0954ae8bc9818ef1f2caea46ec09fd7e0fd6d3001fb9cd38f5a17b8ab7385059955510d801fdfdb4da2d3925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
94KB

MD5
8d0acac6757a9d1ab65de1838a5eed59

SHA1
69cf17137c734ad0411cf6c5c36d28e55929255b

SHA256
a789821aa6ca08633409768c3801c1eaf3e6e22d85d5c2e70e7dc1f7992ae067

SHA512
179553807ffa0c5a5eca76d11d8b74115a02552ea4a0896aed8bdd192baf004d2209ec1e00371ba31376b8eec49d8b128db0337e5e74706bfa088f599c7c4eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit