hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fboostlyuk[.]lt[.]acemlna[.]com%2fProd%2flink%2dtracker%3fredirectUrl%3daHR0cHMlM0ElMkYlMkZib29zdGx5LmNvLnVrJTJGbWFzdGVyaW5nLXNjYWxlLWluc2lnaHRzLWZyb20tYW4tZXhwZXJ0LWluLW1hbmFnaW5nLTMwMC11bml0cyUyRg%3d%3d%26sig%3d6MAGsCB2BPs9Xm7RgTgiNhJ1j3B4jdFAMryuHyQdXTo8%26iat%3d1705055634%26a%3d%257C%257C25492700%257C%257C%26account%3dboostlyuk%252Eactivehosted%252Ecom%26email%3dku4k8d74%252B1wIpEmMpjQ79n8LWgIGGiStYzxJfTsREFmvOK6GDQ%253D%253D%253Al5T1Op5I11%252Bmi0mJ7pZcS9JUxxjXoNQm%26s%3dc203a3fbe1fda324d34fe926ca860007%26i%3d3521A19214A1A32261&umid=3d98e76b-5d45-489d-97de-591c8b30874b&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-76224ff6c955a47a93ab3ccba40d89da4796253c

Analysis

max time kernel
149s
max time network
154s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12-01-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fboostlyuk.lt.acemlna.com%2fProd%2flink%2dtracker%3fredirectUrl%3daHR0cHMlM0ElMkYlMkZib29zdGx5LmNvLnVrJTJGbWFzdGVyaW5nLXNjYWxlLWluc2lnaHRzLWZyb20tYW4tZXhwZXJ0LWluLW1hbmFnaW5nLTMwMC11bml0cyUyRg%3d%3d%26sig%3d6MAGsCB2BPs9Xm7RgTgiNhJ1j3B4jdFAMryuHyQdXTo8%26iat%3d1705055634%26a%3d%257C%257C25492700%257C%257C%26account%3dboostlyuk%252Eactivehosted%252Ecom%26email%3dku4k8d74%252B1wIpEmMpjQ79n8LWgIGGiStYzxJfTsREFmvOK6GDQ%253D%253D%253Al5T1Op5I11%252Bmi0mJ7pZcS9JUxxjXoNQm%26s%3dc203a3fbe1fda324d34fe926ca860007%26i%3d3521A19214A1A32261&umid=3d98e76b-5d45-489d-97de-591c8b30874b&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-76224ff6c955a47a93ab3ccba40d89da4796253c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495362712597180"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 3836	4040	chrome.exe	34
PID 4040 wrote to memory of 3836	4040	chrome.exe	34
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 2332	4040	chrome.exe	75
PID 4040 wrote to memory of 4368	4040	chrome.exe	76
PID 4040 wrote to memory of 4368	4040	chrome.exe	76
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77
PID 4040 wrote to memory of 3284	4040	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fboostlyuk.lt.acemlna.com%2fProd%2flink%2dtracker%3fredirectUrl%3daHR0cHMlM0ElMkYlMkZib29zdGx5LmNvLnVrJTJGbWFzdGVyaW5nLXNjYWxlLWluc2lnaHRzLWZyb20tYW4tZXhwZXJ0LWluLW1hbmFnaW5nLTMwMC11bml0cyUyRg%3d%3d%26sig%3d6MAGsCB2BPs9Xm7RgTgiNhJ1j3B4jdFAMryuHyQdXTo8%26iat%3d1705055634%26a%3d%257C%257C25492700%257C%257C%26account%3dboostlyuk%252Eactivehosted%252Ecom%26email%3dku4k8d74%252B1wIpEmMpjQ79n8LWgIGGiStYzxJfTsREFmvOK6GDQ%253D%253D%253Al5T1Op5I11%252Bmi0mJ7pZcS9JUxxjXoNQm%26s%3dc203a3fbe1fda324d34fe926ca860007%26i%3d3521A19214A1A32261&umid=3d98e76b-5d45-489d-97de-591c8b30874b&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-76224ff6c955a47a93ab3ccba40d89da4796253c
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa762d9758,0x7ffa762d9768,0x7ffa762d9778
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5040 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5532 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5452 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4988 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5776 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5700 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1804,i,1487834340077623185,4992675570148949339,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4216

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1b82ba424f6372f934a56cc22a009d69

SHA1
576d6e387a4ea70a99748477884b3cc18e84ecc3

SHA256
f1f43e1ffa595758c43615df047faa5dff2f6285ef0bd06fba8d4ad3fe240469

SHA512
21ce75e88a45a94b8afa5d59e7ec8852b30a8eb30170ce79cd00bd85b7f968b6d25f5ae6e5a0dd3aab924bbbd977cdac1f46ebcd619c07019f71bb167e7d2360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_boostly.co.uk_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1f88d012026b7aa8d1a4298629dbd6ca

SHA1
b50db52df812ab60faea6eae0dd8699f7814d2bf

SHA256
3e4869c7d7b5e9db58013e6af3089492241efe1fa055a70c227ece3976a27af5

SHA512
00c40139fd6fb4ba96adc7d00827aaaa73682725bd0270ca9d20876e6793230080988729df476cbfd359f4fdcea3128aaa9239bd03cdf4a31870deddd7d18087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
31cc849b03b3c560d8152ca7770b8de0

SHA1
06f4958be07c03d516f9e34ca3a613c6cc78d2fe

SHA256
5c2beab21632d039e0aab0daa3f408f46d961365467bfbc35a6af0053348d60b

SHA512
b2a2932a823e5ccc2f1f449863bc7adde9098e8dde1a37ac57fcfc52d85514e61623fa41a246e1b93e96177d0e6bd330291eb2473ded7503301b43c768b297c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7d99630b9aaaf459ba16b8519a61051c

SHA1
9cb91be49014fb3f4a5fd3ffeb9d90df3cd7f86f

SHA256
52dec24ccf2cb61881587cfe52125fb02a7e76805475f08d6db6f8895742eceb

SHA512
91e0e25bd748bdc4c1886269bd8a438a4b562b767613e52354dfc1f35cd78246d7dae4675f1101552f47c12486f091ac19b0aa81566a17ee27342e6131c64c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7be62158dca267e44cde7e2910c16c8b

SHA1
2216cb7cbc24d2adf0f0bf34027f99a221f7d8b5

SHA256
b15e3ff204028b8b45a33daa714ed27ea86ba488fb0a1082228482c7dbe84ca2

SHA512
2d5a8e0e1785559c8e7999aaa334390f085d243f4bde0d62d6d0d7aa3641f8b8a013ec566b8489f863965ba585e1ed83855b4dd2c6fd4f16aecf5e35cb8ee457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3b5fb3c9a2eb3b30b890c877b16afcf

SHA1
ec9291555edffa4edd927bfd4dbcf26c021afea5

SHA256
796d4b6ca5ca4f4b77c60c83f4dd68fe836f19be52e39691b914d2c4e12336c3

SHA512
90288b6b46674f9d8bccc345660978c76fc1ad7f51b28e9850e769447236fad7f9d6f9ae5f5ac1365cdaea3bd2da38032834bd31ea180f59e40f0d457ae21c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91bc0cd71a9cec0e31a019447b78886f

SHA1
f5fae452dc3fd4784953fc22cd1b90023db32935

SHA256
2ecf4ef53b48e66a8107008a6ec83f0ddce42b011d3f1ebdbcd14aa796495c76

SHA512
7657bee2b286092a8c7efcf640f4a325cf3028847452307d56795fdfe0abb68c17cfe744a56366edf98cf90d385dd8e0324ebae5afb991dbacfdd053137ef2e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a626481be288763ef095d006b6b0de05

SHA1
78b3c4f308c563b790e7f5fc2fdaa04377609f77

SHA256
37dc39671615466e6b9ea8255b48ae7027603aaf8b8ff82308acce42aa193a9d

SHA512
6cac95cf6cb93bdbc0ceb4201d0d9fc7174a640ac49428136fb5d33391c87606d5469d2b649f527e230123ea7d1de4d00d3233d0236278f0b5b38ff566824453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58369b.TMP

Filesize
48B

MD5
440a02cf6124723477661ceb05d6983e

SHA1
803120dadee3b0191fa41cdf423c6822266998ed

SHA256
aba67c0f4cc70f277b69d6c9af3ac4d87ca2bcc7bf29c4f52f6dedce59ecbc85

SHA512
c67c4f70e0e82f0085fe6ab1fb2ca01ddedd4718f77f54b1358dd0cf5e9631d666a032ec22406b544b18c5978a550bead821e29cd065f56aa3c6b28b57a4cb44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d9d363b45c576fae0212df934ba68430

SHA1
3af2c174be33de28518d9e66e0cb98d9512d99b4

SHA256
bea141799158b7c343ca3421c754f2e285ac5c5c27e9c68d0501bd88c62c4d95

SHA512
abd3f8724784fb039692581ebafb57f5aa9ea35500424328743429fa6e4d3cfe7e9f9ea97adc0b561e407e0339c73b6629d0768fd55a1f668c5403229998c9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit