hxxps://elink[.]prd[.]intuit[.]com/ls/click?upn=IC28GYYrRhMJ-2FrBfQch14gWPXyreHGRnWXNoszRQdfk2P0p4Ib9Mr8bjvFCxdiWZMP5n_ISV3I9mRzgwNSFjIvKtFZ8dhcgd0HQac2-2FdbVt7pj3Cj4rkoM0iTCzqVyoDLOVv2SQM1qSPu5TD5LMQA6QjdG7-2BRbJgxBOwhZ3agLo2648PMHadnSHzsP0qEAoCMKdSJe4OU-2B1JoK65Vg5X-2BwQL4xECeKhAsFx2FvX0vMNPQwq0Yp65WgLxMuZoSrFv1DTQq7ywR4GLKFdORBFf5OsCvcU1XIjZnQLxhflAewiAYN1P4GNRMSx6O2h0YsTinNDJiJjAENsNX7zHez2R46DG4-2BLXJNSwDX8eqUBd1-2FP9-2FyxA-2B8DYJ6Vz7cjLoRNSnZY596Q952situkk9tS8AEkj48xLXxgA22cAUz61WHNq2tmBgygZwcoL9K4BbEPvnl7aqEayRdJZRpmWepz-2FwMk8-2BR6q9HgaghcHzvJJpd9L8dUK1glP4PIFakttLunywiSkiX-2B4sHLgfm4-2FvI9gRqaKwLflw0sVb9bgfHFRP5nzpHvXD4sluS3o3gcWdWWJGcBzj43pzlUXhoXDjRpPZFxSljR3wv5ZtfkDA-2FCUpYUx3YCoPtx5jHU2a6xd93naA2YnbjhB1A6RJQ6rWmv42cn43gFI-2BjyLAmJGp8p-2BhXWJ4BgoKSJsbgs01OVWv-2BPKHG7XnkNMDp-2F0AN2Th4DgvjMGTnzdlLYYZhKDvCLulE-2BuvvmmOHeipcbiL-2FFlNiBY6fGx8iK-2BgrnA5xepOaBy3yhia7-2BR3jRd0Kbnpbf2IxW6viPTknkXvoGESvxn-2Br5RypH86Ru0v-2FI3lz2NdalzzQtPvevuZKau-2BHtXyjwDiDM9OGZLDCog-2FTSijL-2B0od-2B0YKWNVbTSO6V8-2B0AQ5bFByisXwFB5x3JdMMYM-2BJrmbPyB3XeDm6gJD9ukd9QbjrCfT3eWVEF-2BHJPC-2BqpalH4DpBLdbx0QzL32jmWyFvJai3BtB2OzAjzuy-2BsIg5FS8nm3Scq-2FHpfn6wbWe3eeLY6GIWITmR1rsiAyu7tT9CDlQD5Qnudc-3D

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://elink.prd.intuit.com/ls/click?upn=IC28GYYrRhMJ-2FrBfQch14gWPXyreHGRnWXNoszRQdfk2P0p4Ib9Mr8bjvFCxdiWZMP5n_ISV3I9mRzgwNSFjIvKtFZ8dhcgd0HQac2-2FdbVt7pj3Cj4rkoM0iTCzqVyoDLOVv2SQM1qSPu5TD5LMQA6QjdG7-2BRbJgxBOwhZ3agLo2648PMHadnSHzsP0qEAoCMKdSJe4OU-2B1JoK65Vg5X-2BwQL4xECeKhAsFx2FvX0vMNPQwq0Yp65WgLxMuZoSrFv1DTQq7ywR4GLKFdORBFf5OsCvcU1XIjZnQLxhflAewiAYN1P4GNRMSx6O2h0YsTinNDJiJjAENsNX7zHez2R46DG4-2BLXJNSwDX8eqUBd1-2FP9-2FyxA-2B8DYJ6Vz7cjLoRNSnZY596Q952situkk9tS8AEkj48xLXxgA22cAUz61WHNq2tmBgygZwcoL9K4BbEPvnl7aqEayRdJZRpmWepz-2FwMk8-2BR6q9HgaghcHzvJJpd9L8dUK1glP4PIFakttLunywiSkiX-2B4sHLgfm4-2FvI9gRqaKwLflw0sVb9bgfHFRP5nzpHvXD4sluS3o3gcWdWWJGcBzj43pzlUXhoXDjRpPZFxSljR3wv5ZtfkDA-2FCUpYUx3YCoPtx5jHU2a6xd93naA2YnbjhB1A6RJQ6rWmv42cn43gFI-2BjyLAmJGp8p-2BhXWJ4BgoKSJsbgs01OVWv-2BPKHG7XnkNMDp-2F0AN2Th4DgvjMGTnzdlLYYZhKDvCLulE-2BuvvmmOHeipcbiL-2FFlNiBY6fGx8iK-2BgrnA5xepOaBy3yhia7-2BR3jRd0Kbnpbf2IxW6viPTknkXvoGESvxn-2Br5RypH86Ru0v-2FI3lz2NdalzzQtPvevuZKau-2BHtXyjwDiDM9OGZLDCog-2FTSijL-2B0od-2B0YKWNVbTSO6V8-2B0AQ5bFByisXwFB5x3JdMMYM-2BJrmbPyB3XeDm6gJD9ukd9QbjrCfT3eWVEF-2BHJPC-2BqpalH4DpBLdbx0QzL32jmWyFvJai3BtB2OzAjzuy-2BsIg5FS8nm3Scq-2FHpfn6wbWe3eeLY6GIWITmR1rsiAyu7tT9CDlQD5Qnudc-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133507638440110127"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{529DA6B8-E135-4877-B9CF-B657E986D23B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 1784	1432	chrome.exe	13
PID 1432 wrote to memory of 1784	1432	chrome.exe	13
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 4272	1432	chrome.exe	40
PID 1432 wrote to memory of 3876	1432	chrome.exe	39
PID 1432 wrote to memory of 3876	1432	chrome.exe	39
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38
PID 1432 wrote to memory of 1412	1432	chrome.exe	38

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe70f69758,0x7ffe70f69768,0x7ffe70f69778
1⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://elink.prd.intuit.com/ls/click?upn=IC28GYYrRhMJ-2FrBfQch14gWPXyreHGRnWXNoszRQdfk2P0p4Ib9Mr8bjvFCxdiWZMP5n_ISV3I9mRzgwNSFjIvKtFZ8dhcgd0HQac2-2FdbVt7pj3Cj4rkoM0iTCzqVyoDLOVv2SQM1qSPu5TD5LMQA6QjdG7-2BRbJgxBOwhZ3agLo2648PMHadnSHzsP0qEAoCMKdSJe4OU-2B1JoK65Vg5X-2BwQL4xECeKhAsFx2FvX0vMNPQwq0Yp65WgLxMuZoSrFv1DTQq7ywR4GLKFdORBFf5OsCvcU1XIjZnQLxhflAewiAYN1P4GNRMSx6O2h0YsTinNDJiJjAENsNX7zHez2R46DG4-2BLXJNSwDX8eqUBd1-2FP9-2FyxA-2B8DYJ6Vz7cjLoRNSnZY596Q952situkk9tS8AEkj48xLXxgA22cAUz61WHNq2tmBgygZwcoL9K4BbEPvnl7aqEayRdJZRpmWepz-2FwMk8-2BR6q9HgaghcHzvJJpd9L8dUK1glP4PIFakttLunywiSkiX-2B4sHLgfm4-2FvI9gRqaKwLflw0sVb9bgfHFRP5nzpHvXD4sluS3o3gcWdWWJGcBzj43pzlUXhoXDjRpPZFxSljR3wv5ZtfkDA-2FCUpYUx3YCoPtx5jHU2a6xd93naA2YnbjhB1A6RJQ6rWmv42cn43gFI-2BjyLAmJGp8p-2BhXWJ4BgoKSJsbgs01OVWv-2BPKHG7XnkNMDp-2F0AN2Th4DgvjMGTnzdlLYYZhKDvCLulE-2BuvvmmOHeipcbiL-2FFlNiBY6fGx8iK-2BgrnA5xepOaBy3yhia7-2BR3jRd0Kbnpbf2IxW6viPTknkXvoGESvxn-2Br5RypH86Ru0v-2FI3lz2NdalzzQtPvevuZKau-2BHtXyjwDiDM9OGZLDCog-2FTSijL-2B0od-2B0YKWNVbTSO6V8-2B0AQ5bFByisXwFB5x3JdMMYM-2BJrmbPyB3XeDm6gJD9ukd9QbjrCfT3eWVEF-2BHJPC-2BqpalH4DpBLdbx0QzL32jmWyFvJai3BtB2OzAjzuy-2BsIg5FS8nm3Scq-2FHpfn6wbWe3eeLY6GIWITmR1rsiAyu7tT9CDlQD5Qnudc-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5048 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5512 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 --field-trial-handle=1884,i,2214120578854605408,3675277979927845757,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7d2880abd0109fe4ff24d4105c826f20

SHA1
5179516e1047bb08c7c7f3095f1bf6dc032bb88b

SHA256
384ae8d2d8d9f8be388c210577a2a1b569e470ee47112203c844aa4bb325d106

SHA512
8acd0e8d7c2365d015d3680eb5c13428a791813bbf9e16c1f2e2f63a0c798041631b11116652d206180238ddf9fbafbdc80e5574d648efd8086d0803846e92ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_quickbooks.intuit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8438c6d8-7c55-43a9-9a41-ae807dd2bdc7.tmp

Filesize
5KB

MD5
fb72f6b14b52988d91f54b278a06df19

SHA1
dfcbf38d75fc64d6f4f1b3fa79f561867a9939b1

SHA256
cfe46e5d51a848b8c64a19eeac71e78b73fece255bed887ed4fdec65a1603f8b

SHA512
458bbca966d2aebd67ed10c931c174896f69c56257ac5513d35b5b7c3895fb1839377b37aa72a778181ac5e03da12b7bed35132c618cd4e772d1311b8b6264ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
0e9c3c7c11368ab2677b79d73b86a74f

SHA1
a1ec3bf8588d5c182f5bc332b999e646e7c462b5

SHA256
fbc47f856a348e7ccb8ec5954e115672a6e1be3dddeb0cbef0a01ca107873392

SHA512
c5099b822ff4a469204ea249bf1a015228ddb3f325d2e1b9d3117f006c64d2eb89920fe5e7c2a34d23f4e2278bb9c85edc4923d0186f157fefc94fe1da1d74f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8db5dc6ebc9c4cb183af8f76bc7bf6a9

SHA1
1950aa1a146ee65d269c1427b0d0fa87087d40bc

SHA256
5c91929d93dc1337989bb84b577669a371daf002f194a4b954091c89d0528071

SHA512
fcaf3c1250517ea910832afe387d945c0959c3d2c4eb0e9c39bfea789c333c83e419d991210e2f38746bf2a79b318c00fa4112db38d1e6a14c60e25c99ec53ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
11c348f5175123cb44f7a17024a03bf1

SHA1
66f66e7f4b3937a06976bc4e656687083cc0a33f

SHA256
df970038fefbc2bdd5ef23643c789244a85cfd2f0eb67914267b2eafd3a18181

SHA512
10466c69be3cf941330b5ca046bc0188194a83e0f69d6ca05af51a6ef66194924497f0d49493c60b5ab2ddcc891aa195023f2d6eb2bd3f9f1016f684037a8d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e3566d807717bba90264a2633816456b

SHA1
66b8d6ae737fc1aea4a26fc178deb1de9f4b3682

SHA256
8ae689a7de04f78a915ee5d17dc2725e746fbdb9dd6d6f5d7829b142708ca489

SHA512
759e0a5573c5b0bcb7fb1f1d5f86150266854c62741775b7a4616fb46fcfc7eb003b120e9beae40429b4f103398ea846d66ca60ad8573b6d080f07bc45eb3daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fe0e3206baa67ae3c40cb1f0e5494bb0

SHA1
2bc0d72615ed59068f257ef8eb50bcf46850618d

SHA256
829627ecea8068aedfc09a78c2e1dfe7beda140b3c7b33fefd5787f1dfc6aad4

SHA512
436326cea8a7043f38c329a15e2d781f0ab3dd304088d6b5fb279a2116628c795ec5c31587ecd45439f894624dfa33fa43e4e7ca0b17315ccf4f03a03d842f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
161d08864e2855638399fddb4bb1a57a

SHA1
55c62dc6d8c599124cd513152ddaf0fc6c3e4749

SHA256
f064d2a8c35f8bbf0c3a49a4bf456696d8e122829466251e80fbfb3f919be045

SHA512
9a47199a1b5db345b0a59293092d4df55161163e93cfe79e58ad0922ccc9ac3c601a92c99a84351a4ff9ff7c2d6f4c8cfad2ef72f8a95d17214ffe9a66bfef73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
363fe4a5c8805bc57edcc8f85c947b3a

SHA1
5c2bb88bc160c56b1fa0903bdd22457f3b087ba6

SHA256
5ba47aeab7855daf4c0ea2d0a7b05c2254d5d39de1bc95fd7b9af513f6f3962d

SHA512
e5cd496911fb840be0c447bc30b2e6190b021db6f3179c01601e1aec0f68bbf881ed2d45f3f2e7a1114ae5a453e855543601424b97a8521ea6785476fb457646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e522f4566a946a79e3af42d7f1bcf1c1

SHA1
46633f7ae1590c85286f0d7ef6c8f37a21de107e

SHA256
455eb92f7f2066fe52c1c5f939da12cf887a2bb3d4ca18d28f50533fded2abf9

SHA512
ab53ae69e655054f084b5a8b9aaec5dace466a8c529d53788afa36ad8549f909ee7f63023ce8fa546a4e64410b503ede608207e101cbbe73f6347f6f624c5170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9375b48d3203b6ca0e3561494e0e6a75

SHA1
c293d3232f5731560bea741a52b4919c618818ff

SHA256
49ccec82bd8fe52d5e14885d347b4f3e811793294aeec9e5ea952bd7b2a375e3

SHA512
2fc037714d3b68b1e2ab59e78ecff08cd2375d9b8c1e0e2c007055eeab5ebf25dbf1f1b754edcd169f7394312c90f0ec99cb0df0fecf7795b96e34159d2ad1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
93682737065f50a7e0e3002948b0b2e6

SHA1
55def45a78940ed5b2394ba42ec076ed94d4c52a

SHA256
febc63803b1dae2bd7d7ae548fefa6e31c25fdcd87c7185b7496676a5a05244d

SHA512
c8bbdd07d05e045bd6d4521a8795ec12dbecd37c1cb674ec3583e6e3d4d6d10491ac06787f0c6804e39ebec0c073c2427586d4c5e8b4bd7bb5ad1501ca9e2723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
89709e60fc162f781469fd4fb9fd97a7

SHA1
ad815f24b23fb8fc379a4a90dba8a405095757e9

SHA256
8106a9111f1b7d2d936039a72aca52748fe1ea41f7ed85adafb0ae76209cb0c9

SHA512
5bcc9931891137d5a64cb78c8dd912b9f939da659db96ed4027c866672ea0a8ff446d68d909684d669847e8e220817435b4f344b9c6587e8b69e9aa9d831c2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ba0c5b598b98cfb42b7e61dc72faee31

SHA1
2c38c5502a929a9e443233671546a1141eec2f27

SHA256
98e793d96a1eed2da2bd2a5f733494bc14eafc1622f45a963fb807b13fc11d46

SHA512
3f8613e0d28e8913822df8ca08fa3ae0bc2737d00f9f9a8bac41fc6ad54a80d213a4b8445465c70c28481ceef9b68a705da9045de0588ca5726ce5a774bb3afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
da58513180d73d5e401de413c62da963

SHA1
f28ed0af205f6567547f0892ec30efc6b38bd450

SHA256
192b8e2cfd2436b2f1252076ba17e8ed26e7e38a4491a7496ed6775cae42b1cb

SHA512
661593ea1876d2600740e89ce6d23fa6610069e5f7e4848a7076bcecfa38ccd1b45eabd28e3a0128825d1a8bc3d29cfc491e16d84045d70bc29875bad34dd11f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6243365bec489a371d784f56294fc662

SHA1
6305962fdf227da5104a320a5d127b589a6483b2

SHA256
ad46170464bda737c819e471569763d323ec84304b3fb759421b14af2d85a04a

SHA512
b3fa4c31b09d82856d847e15757cdddf9f3a9ce7b714e6c2515dd877317ea2e40cd7b914de1cba66aba187df3e65e3251b38607551860a430e24eefe4da76185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ccfb942543a763c5ec69ee8e07cb8d05

SHA1
ce062bcca2072b542d58b65e55955fb53aed3c2e

SHA256
f838c329b2d6584ffbdbaaa1a4c59b1442bff4fe83a32b2d13713fafd8e3ead2

SHA512
1ba436da86635147cfbf3ef817713fba8ed01aa86e3d13d0fad70432e131f9f8cba94a6d368c4790e07c56c4e143e5bcb256599f688478996e2cb2b2049cba05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit