hxxps://data[.]em[.]officedepot[.]com/ee/v1/click?params=v1[.]RMdVimWGY8LUTa9FPn4gLp7S8Kpuu8YmDGPtqTsRZ94u6e9hDwibaywJllmSpQvnzBFd1-vwuLC8bpXK_7s5gr-zYBt1TVQA-6O_CryNTpCmjQWIUvRbTvebIAmrvonIX8naRmQoZdm__vb9jZOTRNE_G0AKbNz7TI7wrP826e8iyjHUGVsoFFI91QMAyE7lm-e0hGi0-PgNzHhZrmCILamwL-iHeK1bF1n_SzpAsq-aseorWagTpECZBkcxgDhxbvDfevXsm9IK_WT9NbfVMyYQGw_YjVqRRprvFdCQ5ScrL_f4V8jgaPlQp12WEsV02utaa3HTLdptctfTB2lhaG-coSD3OO-5z6hf4mOahjIquoDri7465bYEjmPICMHuExfPGg9YaL56m4cZGI5gqjmn4yoloR4M93Sxu8jgb6y139xzZAeZIB-rwY4x8ULjxydOA0oUkVsMsqii-2aFFFTPwwGBWxn04lJqToKMpKpAxR-zcuPMQ2zWtJbRUc5jPxja6oOO8uTo0JsJNQ0xDWi8yuVuDNyysHsXaOEoD3hAGJYHRL19HiecpOPTmBf-wIMw1LgttIwyhvkamZwh8PZY5PMFirBuhhAkooXD9kh0Kb9_xRqAtg6lPpbe9fmuEy6DhCuRllA3Pnl3-4WKb-wxNmapSL5zqPh02E8e2yYFqVDhsb8cYN49XxXnFga94B3R_bPT0pj5k3c1bdRJSuy3XwYxu-O4ObhDDyRLYeYk3YYjzT8pDUt3DtpYH0F09uzlS7kWfkIagK2__FN4-nNCB4UNKCZksblEgS5tzyKVpWIJCyvY1J5sVAGWM8p3rkR7MVKr-94R6UxPzsrdEc2lQkAw73m4G-8VaNjR1L4Yo0ZJ_mnnTjjPA8K93JF6qYt16yk0Ng0-LaB4Y95pI22JoZrhsMRQ85fG&pid=v1[.]yLulCrXeIAVlWK5d1TtF3Kg1ZOql7ouKhOZ-NKc34b2hmqZ_c9HpTvJ0XgMIYxbSQ3cbzeq1BJ8XnCDKG9RnHwgTyPs&tuid=658ef403363b36591f3230c7&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Analysis

max time kernel
156s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://data.em.officedepot.com/ee/v1/click?params=v1.RMdVimWGY8LUTa9FPn4gLp7S8Kpuu8YmDGPtqTsRZ94u6e9hDwibaywJllmSpQvnzBFd1-vwuLC8bpXK_7s5gr-zYBt1TVQA-6O_CryNTpCmjQWIUvRbTvebIAmrvonIX8naRmQoZdm__vb9jZOTRNE_G0AKbNz7TI7wrP826e8iyjHUGVsoFFI91QMAyE7lm-e0hGi0-PgNzHhZrmCILamwL-iHeK1bF1n_SzpAsq-aseorWagTpECZBkcxgDhxbvDfevXsm9IK_WT9NbfVMyYQGw_YjVqRRprvFdCQ5ScrL_f4V8jgaPlQp12WEsV02utaa3HTLdptctfTB2lhaG-coSD3OO-5z6hf4mOahjIquoDri7465bYEjmPICMHuExfPGg9YaL56m4cZGI5gqjmn4yoloR4M93Sxu8jgb6y139xzZAeZIB-rwY4x8ULjxydOA0oUkVsMsqii-2aFFFTPwwGBWxn04lJqToKMpKpAxR-zcuPMQ2zWtJbRUc5jPxja6oOO8uTo0JsJNQ0xDWi8yuVuDNyysHsXaOEoD3hAGJYHRL19HiecpOPTmBf-wIMw1LgttIwyhvkamZwh8PZY5PMFirBuhhAkooXD9kh0Kb9_xRqAtg6lPpbe9fmuEy6DhCuRllA3Pnl3-4WKb-wxNmapSL5zqPh02E8e2yYFqVDhsb8cYN49XxXnFga94B3R_bPT0pj5k3c1bdRJSuy3XwYxu-O4ObhDDyRLYeYk3YYjzT8pDUt3DtpYH0F09uzlS7kWfkIagK2__FN4-nNCB4UNKCZksblEgS5tzyKVpWIJCyvY1J5sVAGWM8p3rkR7MVKr-94R6UxPzsrdEc2lQkAw73m4G-8VaNjR1L4Yo0ZJ_mnnTjjPA8K93JF6qYt16yk0Ng0-LaB4Y95pI22JoZrhsMRQ85fG&pid=v1.yLulCrXeIAVlWK5d1TtF3Kg1ZOql7ouKhOZ-NKc34b2hmqZ_c9HpTvJ0XgMIYxbSQ3cbzeq1BJ8XnCDKG9RnHwgTyPs&tuid=658ef403363b36591f3230c7&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489581424259741"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3800	chrome.exe
3800	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 4684	3848	chrome.exe	89
PID 3848 wrote to memory of 4684	3848	chrome.exe	89
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 2424	3848	chrome.exe	91
PID 3848 wrote to memory of 4792	3848	chrome.exe	92
PID 3848 wrote to memory of 4792	3848	chrome.exe	92
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93
PID 3848 wrote to memory of 4176	3848	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://data.em.officedepot.com/ee/v1/click?params=v1.RMdVimWGY8LUTa9FPn4gLp7S8Kpuu8YmDGPtqTsRZ94u6e9hDwibaywJllmSpQvnzBFd1-vwuLC8bpXK_7s5gr-zYBt1TVQA-6O_CryNTpCmjQWIUvRbTvebIAmrvonIX8naRmQoZdm__vb9jZOTRNE_G0AKbNz7TI7wrP826e8iyjHUGVsoFFI91QMAyE7lm-e0hGi0-PgNzHhZrmCILamwL-iHeK1bF1n_SzpAsq-aseorWagTpECZBkcxgDhxbvDfevXsm9IK_WT9NbfVMyYQGw_YjVqRRprvFdCQ5ScrL_f4V8jgaPlQp12WEsV02utaa3HTLdptctfTB2lhaG-coSD3OO-5z6hf4mOahjIquoDri7465bYEjmPICMHuExfPGg9YaL56m4cZGI5gqjmn4yoloR4M93Sxu8jgb6y139xzZAeZIB-rwY4x8ULjxydOA0oUkVsMsqii-2aFFFTPwwGBWxn04lJqToKMpKpAxR-zcuPMQ2zWtJbRUc5jPxja6oOO8uTo0JsJNQ0xDWi8yuVuDNyysHsXaOEoD3hAGJYHRL19HiecpOPTmBf-wIMw1LgttIwyhvkamZwh8PZY5PMFirBuhhAkooXD9kh0Kb9_xRqAtg6lPpbe9fmuEy6DhCuRllA3Pnl3-4WKb-wxNmapSL5zqPh02E8e2yYFqVDhsb8cYN49XxXnFga94B3R_bPT0pj5k3c1bdRJSuy3XwYxu-O4ObhDDyRLYeYk3YYjzT8pDUt3DtpYH0F09uzlS7kWfkIagK2__FN4-nNCB4UNKCZksblEgS5tzyKVpWIJCyvY1J5sVAGWM8p3rkR7MVKr-94R6UxPzsrdEc2lQkAw73m4G-8VaNjR1L4Yo0ZJ_mnnTjjPA8K93JF6qYt16yk0Ng0-LaB4Y95pI22JoZrhsMRQ85fG&pid=v1.yLulCrXeIAVlWK5d1TtF3Kg1ZOql7ouKhOZ-NKc34b2hmqZ_c9HpTvJ0XgMIYxbSQ3cbzeq1BJ8XnCDKG9RnHwgTyPs&tuid=658ef403363b36591f3230c7&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7e99758,0x7ffcb7e99768,0x7ffcb7e99778
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1892,i,17658281399892310493,12555355245654142404,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3800

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
28cc5f0cf9b94e39fa80b0e9e59a4bcc

SHA1
fce0654e8cf2924054986fc6d49dcd8a6f70b73e

SHA256
eeeaea197d93db5d007f3206746611ad4cd01072fb30153b6b982f2fc96477e6

SHA512
290b0e126839857ff7c4a38c0dfa4648515eaa503544c3452dfa049302302e3abc3195e3b8669cfb011aaab8e685d47cbdfb195ddc05c0b6b2f40eb82a653a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
81944f1b837d6ae77d5cfde8b332ce17

SHA1
18f05416997da261c302cc3229ed75e8576f0c12

SHA256
48f71a95c1f9a15c9dcaba8e9e8b06b8448cc74c579ffda6c97a45ac12009fe8

SHA512
a5cfdec707469caba1925f2741c23b5f8efb853a7440dc3e1532428cb7f0b6f206d7191d099f84c0811f630b444a4e2a89f5e6f96e1a77cc93bcdf510ece5abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
e4475cc8c82702bb165d2d8ade1bd291

SHA1
eabc7a86c79a67c18e06c3ef12eea8c56ce9a24d

SHA256
2db58de0e6749105b129293b263f5ca97a7bf7c5b30a7e0d40d4422c7b629c4e

SHA512
e9112015ce8fc15ec9031729147d45f6a7b2fc2669397f04a766e48c9dd53c42ecd2689b52649112ade9d0910250e1d5124fd109c56b2bbad0da46a5dde54d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f6f4760c798afa4bda7710746858b347

SHA1
1d0dd1b962e94f41eaf195e1f8f951560452c964

SHA256
d0a338d90bdae88e5f82bbfd74c316a442ad63b475f5960eac1e952ed891c7bf

SHA512
36ea50b44fa73a10fe725a615263833a8c12572390ce7d8fef382d8299d2b704470a9c9e6d8c2bc1440200bfcb3aa0cce3622d2a657a61222e4edcadb3b42d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16bca58ad28dd0e6af448460e8953eef

SHA1
420661afe934273e21edae73df22b0ac037824a7

SHA256
5d641d1e1cd631d757f02d720156899a3b6e8a70ce54a172e7f85be4090561d3

SHA512
c7a5f7b6a01e1cccccc7e6f04938a6e3170e0f17c12beac2b987fe5ca083d3dd82163580294aa9e180660bcc9c85cfd3737392ba1b004714d13a30ad3e43c753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e973fcae4c09d0d6daf21e746b15a418

SHA1
045e6000fd9e980a96a9742f908e5a2f2fa7a4c3

SHA256
6d79f03a96c7154ca1b42650edd4cd0b9254ea6b4ad0ef605cc91897e4c12e08

SHA512
683cc216488f7d30cf08f3e0d4a38597fb05ac7faf4f20787d49b45f120dca0de6a4e7cbfbf6d05a1e38068bbc74687009c20f3e92cd6b7f55c4a24913c98b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
99bd685638cb03630afc2fd7b99f0aad

SHA1
60bd10d5263602ceafb1921c352706dd604235d2

SHA256
214f84f26a1a6c05ad3065ef9162580422b7b9e52fa8c5c155091d8fedc98da1

SHA512
88c88c10e906012162fae0162c7c8da2c08ebd681f4366aeceb11db132e1d51d662a89106606aa7f9efb6e4c362fcf16e4e4ee3571ac85e3df517a0faef5fe83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit