hxxp://links[.]notification[.]intuit[.]com/ls/click?upn=u001[.]SIdC8EbtQ9uqKAlODbetlBZiUd3ZUcZy8Zg-2FD-2FUMLlbo-2BgYb8M5b1yXlD8wfPlvX9FV0mwHbB-2BjIhWWIHVFFSA-3D-3DzLKI_0PYq2v8VZGc0lBnOPDgucGix-2B8QF4OD83KdZM1Cy7cLpaHwscg8KRJT6x0NBH9yZ5d3xRiIp2Kdi2ckuldS0JEMpBDt2slCZYoKaMDCJNaPRziXzcgxzASi74sIkIrvz-2BwMnMt7pVVTMkT3CPce6zfRyB4hgu08cx5i-2B1gVL-2BpIJAwZR68Sd9acEnBTxNoCuYWQ3Waq0u6P6acOkUknKkhmHlNCOW0VPxtDLcACzNyzk6UDHDdLPOdx5ZA-2B3fm46bP-2FUQySS7nv68VPokXHqV5N9A8F71wS70Xx-2Fq9KZO-2F-2BQ-2B-2B6UFpDk6E3651ZDJM1N5x-2Blq2l-2Bx3YWwl0JDoYszMWkAsEBLeZvhVvMkKh90GqCAyhfWVPUWrwo2ADr8ZffoUZyzfuY-2FbLDWlWRMkN9OAns-2BA7dznbRBATnD7TIqdUK9isLWnGnh8dw5Hb6YXywzNx0LQbDKIU8HfAiSyK-2By0BK8LWTRhjrYQvk3WobRcaiJXtQtRK0APz-2FEOAHbubYjKfM20cKfbbp8lbDuKVu8Hb-2FpRyd4rmBPpIVCQn5u5qRgIbS-2BIvUI04jTPt-2FLK56S6uDRZal79HY6qL-2BssQ4d32EU4S929roJ2MWgIk-2BvJfIMq882tPUx9gS-2B-2B92YX9pQkpC8DCzgAam4xZpXnsMSMh75ZRo6Z6epRHryQ8ZIeaTmk1DJoMUzJw-2F78ngUKjzE3b15r3g-2FHEAugqmgyaKgA-3D-3D

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://links.notification.intuit.com/ls/click?upn=u001.SIdC8EbtQ9uqKAlODbetlBZiUd3ZUcZy8Zg-2FD-2FUMLlbo-2BgYb8M5b1yXlD8wfPlvX9FV0mwHbB-2BjIhWWIHVFFSA-3D-3DzLKI_0PYq2v8VZGc0lBnOPDgucGix-2B8QF4OD83KdZM1Cy7cLpaHwscg8KRJT6x0NBH9yZ5d3xRiIp2Kdi2ckuldS0JEMpBDt2slCZYoKaMDCJNaPRziXzcgxzASi74sIkIrvz-2BwMnMt7pVVTMkT3CPce6zfRyB4hgu08cx5i-2B1gVL-2BpIJAwZR68Sd9acEnBTxNoCuYWQ3Waq0u6P6acOkUknKkhmHlNCOW0VPxtDLcACzNyzk6UDHDdLPOdx5ZA-2B3fm46bP-2FUQySS7nv68VPokXHqV5N9A8F71wS70Xx-2Fq9KZO-2F-2BQ-2B-2B6UFpDk6E3651ZDJM1N5x-2Blq2l-2Bx3YWwl0JDoYszMWkAsEBLeZvhVvMkKh90GqCAyhfWVPUWrwo2ADr8ZffoUZyzfuY-2FbLDWlWRMkN9OAns-2BA7dznbRBATnD7TIqdUK9isLWnGnh8dw5Hb6YXywzNx0LQbDKIU8HfAiSyK-2By0BK8LWTRhjrYQvk3WobRcaiJXtQtRK0APz-2FEOAHbubYjKfM20cKfbbp8lbDuKVu8Hb-2FpRyd4rmBPpIVCQn5u5qRgIbS-2BIvUI04jTPt-2FLK56S6uDRZal79HY6qL-2BssQ4d32EU4S929roJ2MWgIk-2BvJfIMq882tPUx9gS-2B-2B92YX9pQkpC8DCzgAam4xZpXnsMSMh75ZRo6Z6epRHryQ8ZIeaTmk1DJoMUzJw-2F78ngUKjzE3b15r3g-2FHEAugqmgyaKgA-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602260632514767"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 436	2904	chrome.exe	82
PID 2904 wrote to memory of 436	2904	chrome.exe	82
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 3260	2904	chrome.exe	84
PID 2904 wrote to memory of 4884	2904	chrome.exe	85
PID 2904 wrote to memory of 4884	2904	chrome.exe	85
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86
PID 2904 wrote to memory of 2596	2904	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://links.notification.intuit.com/ls/click?upn=u001.SIdC8EbtQ9uqKAlODbetlBZiUd3ZUcZy8Zg-2FD-2FUMLlbo-2BgYb8M5b1yXlD8wfPlvX9FV0mwHbB-2BjIhWWIHVFFSA-3D-3DzLKI_0PYq2v8VZGc0lBnOPDgucGix-2B8QF4OD83KdZM1Cy7cLpaHwscg8KRJT6x0NBH9yZ5d3xRiIp2Kdi2ckuldS0JEMpBDt2slCZYoKaMDCJNaPRziXzcgxzASi74sIkIrvz-2BwMnMt7pVVTMkT3CPce6zfRyB4hgu08cx5i-2B1gVL-2BpIJAwZR68Sd9acEnBTxNoCuYWQ3Waq0u6P6acOkUknKkhmHlNCOW0VPxtDLcACzNyzk6UDHDdLPOdx5ZA-2B3fm46bP-2FUQySS7nv68VPokXHqV5N9A8F71wS70Xx-2Fq9KZO-2F-2BQ-2B-2B6UFpDk6E3651ZDJM1N5x-2Blq2l-2Bx3YWwl0JDoYszMWkAsEBLeZvhVvMkKh90GqCAyhfWVPUWrwo2ADr8ZffoUZyzfuY-2FbLDWlWRMkN9OAns-2BA7dznbRBATnD7TIqdUK9isLWnGnh8dw5Hb6YXywzNx0LQbDKIU8HfAiSyK-2By0BK8LWTRhjrYQvk3WobRcaiJXtQtRK0APz-2FEOAHbubYjKfM20cKfbbp8lbDuKVu8Hb-2FpRyd4rmBPpIVCQn5u5qRgIbS-2BIvUI04jTPt-2FLK56S6uDRZal79HY6qL-2BssQ4d32EU4S929roJ2MWgIk-2BvJfIMq882tPUx9gS-2B-2B92YX9pQkpC8DCzgAam4xZpXnsMSMh75ZRo6Z6epRHryQ8ZIeaTmk1DJoMUzJw-2F78ngUKjzE3b15r3g-2FHEAugqmgyaKgA-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef993ab58,0x7ffef993ab68,0x7ffef993ab78
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1236 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3164 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4760 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5084 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=936 --field-trial-handle=2008,i,17019390957401038167,11037085809125347884,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9db20897f7d6b53c5895b8a266aadda0

SHA1
ff30ffa8d33227dd1937700eb1e1de208ef9b12e

SHA256
ca4729e26166f4e9134bbd25a61516345c0d936ed05a88acf5dcafed30c04c23

SHA512
f265391811fb011b8479163c37df744b6a5caa0cf5a9963f104e5036a6a671e33489adc37ba883a6f309d77366526fe390d9e6aec5f4e431d599286a1acdc6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\32cee097-3af3-466c-b8f4-d46dd3935067.tmp

Filesize
4KB

MD5
be006a58003f8064c7ccd2a28c6b2ba5

SHA1
a73c033b4936c1c0ed275ac2b93dde042de57535

SHA256
43d5f02eee1c4401f9d72e6eced0a42a91cb260f7bbf398ecdd084f20a83c012

SHA512
be8e6b4e7eefe6787fe299d53d0b5f09051cb32e65094f6f4099a61b2dcc7b5269e4247c4fcd701201bde7515b42a91bfb4cf74d10df43fedb3d3640656cfea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0f8f90987f01295cfedaa4eb0ce072a7

SHA1
b1df378da2efc0038104c16604fa30805cf3111a

SHA256
daf4aadc26d6dd4a94674edf7f7d076e644ebb75b8ffec64dded1dde7379874d

SHA512
3b8c2b1bfe142c3f65a21aa76250d7eacb9eea46ecbbfc6da85f4184e5e0b8e8f03599c6a35739aa0daa65ff3e495e02544b5adc0da2d15c9f4ce6f5abe23831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c6d69a2ab1e7d38a0703753bac30208c

SHA1
8cce37b84f9e0271e1fda7db763529b5010083ba

SHA256
528049e868ad42feb4d3d28c0baabf7cdba200553cc1aba327c84ddbde8676c0

SHA512
9d48760e5d0b8f2a200e97fde3c61476320d1888348945efc835cf2fb1073d2fb303ff27cc5698d9345afeebcec702726409ef3e7a6253e8a07aa97de75c5187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bd7b509078143d340a6ccf09d599a1d6

SHA1
e242f2ac38bc354f3c437d927d97f26a0d76ee93

SHA256
b6f833c7e8f279b819c10eb91dd0b051bd806e36ee580813c9f987707f14fb68

SHA512
5219e3d4d43dc6152a55bc0c7df42e7ed98210981b2fb4481310901fe51dd42fe0e362c6c791b72cd8ddbd9b36d1743db5fa110ef9fa4ffee56194fcccfcf375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d91b598a8b001488051f7d4b88aa0683

SHA1
426d015c505d8fd4baa7a2d5e7c7da941c70713b

SHA256
d13ccac501bc9f3ffa8c082fef465806e0b059e22eb2a7a4730aee0890ff49b5

SHA512
af9498b4beaa0b9304cd043765bba0fe46fc18123d4f8138f1b7e7effbd7e5d47d010ff1e958e51ab376c5d7e97a5a1c4de638a4903f7d631cc4ef36b52a72c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
998a3d23b782d9647ecf7e1b741915a2

SHA1
60befaa39ff1132bb9a8cd89b3e6bc0ffad2e844

SHA256
0c322ee73ead04a81a532831ef0614ab845e6668e577d7eb1cf7a71ee397629c

SHA512
0257bf52449836febda18358360412b9fd8487f2bd5b7b6b3e8c2092ec2a4134b6878944e060174134bb7f27da28c15a65b4a7e08310c6299d462811594d2408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5f98d4f8bf7dac3c692b0eca7370b52d

SHA1
2b681b4c1ce46f066d41cfbfa81b5929db3079fa

SHA256
f12bd0eb1566df01310d2cdf084985736e8e09da1359b0c46d034af0f4ee6f54

SHA512
387cc6392da7f4f47ec4d759966a2de77b416e9ff7a535d31fd5f4a008d47bd101edee6a7f19204cab2031e5d39f08d2dc9277d817af0b6160fe4dd68f8e1462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fdbbe201e15d6f414d46f8e8a1f37f40

SHA1
01cb46494611c7a09e18130cf0823f4c399084b6

SHA256
484673049997f08a6693d234e819c5dcd95297d13e9a4d85f4dec07353cc6120

SHA512
5d67a4fadb754efba524ffa1bc783aaf876bbc38a4e3582f5b74a172736ba4a6c3755be95d73465ad7fc11bba787154946d2d5d107ce94b7efc66ae266ec8120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
34252460b656a2e4d784d2c148f19573

SHA1
100460d3e666724d823ec8b867bfcc9fc033cb8d

SHA256
c9c10d6b4229c71afb34e214e23ba94a71386b97d36378ed01b537aeef00db39

SHA512
f8a3ad5d048e955d62afb0327a7c2b8960f7f9e060aa86db4dd5000ed62aaa9ff229baf47bcabf7a425c49dce30f5dcf5d76c565e81c7e82a8a9fdbf39396c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
89cb32547a78228615560a43e944b381

SHA1
a7880e816afd7f03f802f7e4fa80b400cdd073b7

SHA256
7938ace3548f35ad276239b7d20590e45758dfc4c62ce6cfaa7c53317936b057

SHA512
938b5828e1b02392d823abe24c544871c443d54848864ccd115f5ca566007effd2b0ec4feb4f8d6d1874082c3655c9f5375b9f337a4f161658d7d725b8b62ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4a8ece02eb4fcb2878089b97c99fd955

SHA1
08647e36d60be78bf78d29fee08160dc30ba6762

SHA256
8e44123d6a84d3013e5f1dafdfce69075f35fbe32f66ca8283edefde53b5de5b

SHA512
be0d354697be0528039fd65b81536ebe98a6ab50d10aa4971cd56e9cf810eaa5d510d767e6aca2a97ee233436c2bf5730ecf964fee7d23fb3aac4e6e64d223e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8a16be0441de2a7e5b430af97882bacb

SHA1
1e4b121f4ca4c517cf4d7f8fa740376cfef4ab45

SHA256
f9f2638f41624c4cd279914fb347a01baaf915c3241e59e2a7120392150edd42

SHA512
82aacb4db0eebbcfbcf1767d92585be8b8c0ce73d30fd2ae0b831958e64a13cec5d5994e115303b12e75b53c1e268f4ffdbaf4cb9c5146dcdec400c399aa0a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
54be57c6b5b33d196cebdf46d3dfe812

SHA1
b13b23b590fd2b878e2767349f56760b3a06a404

SHA256
ecf7a9e451823d05a848722361746eb94d333b9a1f83fd75616ab11aa971af32

SHA512
0c84297009d195b7d5bfbd63097e95e058b9029a2228d5b13699e8924838622674bc76ef97ec9da1e0e4b4bc238128dbb2fca74a13e520c869ee97e08d61161c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
10ac64fa25cae8ce76710012eafd0b23

SHA1
9b8a1f6a39caed8b487d4d97d664791b41596d34

SHA256
7ab9b92f19af8ad8da1cc92aa2b7db1c5467ba32a81a78a5b12871f1af4aad5b

SHA512
686f0385fb38dcdfa357b50583de6b440edb51288abede697ba7c788a269f3441f8e0812689c875ff3892d9d4c35b7e321e0a083014d75b1d4996d2d4c487271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
50fdfe2dda745ac6a674030764323989

SHA1
9208e459cec09edc3f26c92e7cf58522657b11fe

SHA256
097e6d665596c4178b44a0b2272d68dd8ded39ff1225deaabb96e95b01a0c16b

SHA512
1d35f531e3d001b71c33ffc7a0f42b10885b91648fd48b48815e817f3bff2bc9bbe9060e034073c0771aa77518378b488d289bd31a4dacb94a6d17e31aaac1c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
49719e68ecac5236b40195efc492ff63

SHA1
ca689d6a2635f6c9104aab5f57e9c18c48c524a6

SHA256
5e38d2d0fb5f94bf5f2197feb1112cf894c5d4ddbde2e106754d5f203bf65b57

SHA512
47bc526113a3fd6dee5ab2687f584440bde738549f3e1a49478756a5b2187e8c1ac7c7aa6a89394158d6a912df503b96791be5f79b78b0587897f60abc2c41b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
9f9df192c9a6bf69b0b4d7cc9d2c208f

SHA1
fc8cff3b37848fd916bcaf686cd5032f6117468a

SHA256
72fe45cc0414c75a6af33eddae51c9ae78b4f8f51dc9eabeb44ef70bff744887

SHA512
fc239d100f88151a43e21d3f838f97adb85bd5ac7b91af15d0df449ad20cc0adeda0a498146b3d35d6d93fafe84463720b8cc7c572ad9369447f18de35a1b8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
639c28665567ccd3dd17bf2cc3378df7

SHA1
d1864a47b4dd51dd2a2ee8b53e19a7d3fd33071f

SHA256
9d00b09304c844ea359a80c953f46e3e4788e09120eb6dcda2de96c84e3947ea

SHA512
f4a98820f8017ac440e8aac7a1fd838ce464816b74cad9657f40421841f4b21a27e3d2e6a3f0d56c5783bb224e2940e1f75bb1823429f5df4f1897b99c5218c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
d21a59cc47b280f2d5380025ed0b1794

SHA1
a7c0fffef80445c8a37a0c02c8962cafd65d9469

SHA256
7748a7830727fad9cda5de8b58c1c5d0c50cc30bc5a34e28df679e30ad4720fb

SHA512
225ad451e5d2953eae8097f844bd8093f45a2eeb676d58dfd84c19abf691b34a212f1e121bde0253dfdc37020f4ae9872dad1b37103d60d4eee68ba0d70c73a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e0cb.TMP

Filesize
91KB

MD5
a9658d79206233b0effbf18e7847eb1f

SHA1
e7ed65aa803a53875ad55638dfb581990f9aa237

SHA256
b99c8e073530316fd9cba15eac0ec7564256f9bd56abfd3e930cdecdc1fed7ba

SHA512
948d168d000686176dbfbd30d0c370449fb37caf593289f5e419fa7a6b9590c35dbb30fee17884e5d56ae1ae215094b542d489690eb08fa5f31e8579e14fdc32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a68581ee-dc34-4a70-bae7-5296a31ccdf3.tmp

Filesize
94KB

MD5
fbe898060b1b7058bcf79e601375b146

SHA1
6fc7ed8bb4d6ff2f61c46c39925e43debb47ee01

SHA256
6636099d2e00639c440f6729ee48981da8257604343a76d8af448499f414fdff

SHA512
66163354e843e1bdf0270a84c650d571992fbe36af77cfd300a2d13e79afe08dabf87b420ec5eb8a80e4e1cb0a379da996724759743f050d727669f18f18e938

Download Submit