hxxps://awpi-01[.]mwoengwage[.]com/v1/emailclick?ewm=joaquim[.]brites%40sma-europe[.]eu&user_id=%40%24xy%2A%40%21hYs%C2%B7%3A%C3%A7%C3%A8Z+%C3%98%15ll%C2%B8%C2%9C%C3%8A%C3%9A2%C2%8E%C2%AE+%C2%BD%C3%95h%C2%8A%C2%A4A%0A%C3%B3%00[.]5%1F&d=%40%24xy%2A%40%21hn%C2%8E%3C%60f%3B%24%5CoR%1B%C2%97+%C2%87cm&cid=%40%24xy%2A%40%21h%C2%BA%C2%A7M%C2%9E%C2%9E%14%24%0FD%C2%90%C2%BF%C3%AEZf%08%C3%B9%17%C3%B9%C3%B4b%C2%92l%C2%81%03%C2%89rxvM%C2%92V%28%C2%91%C3%91%00%C3%AF%1Ds%C2%A7%C2%86V%C3%A4%3F%0D%C3%91%C2%9BOt%C2%B3J%C2%BE%C3%87%C2%ACvs%1B%C3%BE%C3%81%C3%91%C2%AAiqD%C3%B8%C3%B3%7F%2C%16+%3E%5C%C3%88%C3%88%C3%97o%21%07%C2%AA%C3%A1%25%0B%C2%BF%00%10&ut=l&moeclickid=61b35f5997223f7c61e6625a_F_T_EM_AB_0_P_0_TIME_2021-12-10+14%3A09%3A02[.]859891_L_0ecli27&rlink=hxxp://pnx[.]1ne[.]stwpbogor[.]ac[.]id[.]/?QQQ#[.]bmF0aGFsaWUuc3QtamFtZXNAY2EuYWJiLmNvbQ==

General

Target

https://awpi-01.mwoengwage.com/v1/emailclick?ewm=joaquim.brites%40sma-europe.eu&user_id=%40%24xy%2A%40%21hYs%C2%B7%3A%C3%A7%C3%A8Z+%C3%98%15ll%C2%B8%C2%9C%C3%8A%C3%9A2%C2%8E%C2%AE+%C2%BD%C3%95h%C2%8A%C2%A4A%0A%C3%B3%00.5%1F&d=%40%24xy%2A%40%21hn%C2%8E%3C%60f%3B%24%5CoR%1B%C2%97+%C2%87cm&cid=%40%24xy%2A%40%21h%C2%BA%C2%A7M%C2%9E%C2%9E%14%24%0FD%C2%90%C2%BF%C3%AEZf%08%C3%B9%17%C3%B9%C3%B4b%C2%92l%C2%81%03%C2%89rxvM%C2%92V%28%C2%91%C3%91%00%C3%AF%1Ds%C2%A7%C2%86V%C3%A4%3F%0D%C3%91%C2%9BOt%C2%B3J%C2%BE%C3%87%C2%ACvs%1B%C3%BE%C3%81%C3%91%C2%AAiqD%C3%B8%C3%B3%7F%2C%16+%3E%5C%C3%88%C3%88%C3%97o%21%07%C2%AA%C3%A1%25%0B%C2%BF%00%10&ut=l&moeclickid=61b35f5997223f7c61e6625a_F_T_EM_AB_0_P_0_TIME_2021-12-10+14%3A09%3A02.859891_L_0ecli27&rlink=http://pnx.1ne.stwpbogor.ac.id./?QQQ#.bmF0aGFsaWUuc3QtamFtZXNAY2EuYWJiLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133237063669297418"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

800 chrome.exe
800 chrome.exe
3724 chrome.exe
3724 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

800 chrome.exe
800 chrome.exe
800 chrome.exe
800 chrome.exe
800 chrome.exe
800 chrome.exe
800 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 800 wrote to memory of 3740	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 3740	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 180	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 1776	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 1776	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe
PID 800 wrote to memory of 4508	800	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://awpi-01.mwoengwage.com/v1/emailclick?ewm=joaquim.brites%40sma-europe.eu&user_id=%40%24xy%2A%40%21hYs%C2%B7%3A%C3%A7%C3%A8Z+%C3%98%15ll%C2%B8%C2%9C%C3%8A%C3%9A2%C2%8E%C2%AE+%C2%BD%C3%95h%C2%8A%C2%A4A%0A%C3%B3%00.5%1F&d=%40%24xy%2A%40%21hn%C2%8E%3C%60f%3B%24%5CoR%1B%C2%97+%C2%87cm&cid=%40%24xy%2A%40%21h%C2%BA%C2%A7M%C2%9E%C2%9E%14%24%0FD%C2%90%C2%BF%C3%AEZf%08%C3%B9%17%C3%B9%C3%B4b%C2%92l%C2%81%03%C2%89rxvM%C2%92V%28%C2%91%C3%91%00%C3%AF%1Ds%C2%A7%C2%86V%C3%A4%3F%0D%C3%91%C2%9BOt%C2%B3J%C2%BE%C3%87%C2%ACvs%1B%C3%BE%C3%81%C3%91%C2%AAiqD%C3%B8%C3%B3%7F%2C%16+%3E%5C%C3%88%C3%88%C3%97o%21%07%C2%AA%C3%A1%25%0B%C2%BF%00%10&ut=l&moeclickid=61b35f5997223f7c61e6625a_F_T_EM_AB_0_P_0_TIME_2021-12-10+14%3A09%3A02.859891_L_0ecli27&rlink=http://pnx.1ne.stwpbogor.ac.id./?QQQ#.bmF0aGFsaWUuc3QtamFtZXNAY2EuYWJiLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1d779758,0x7ffd1d779768,0x7ffd1d779778
2⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:2
2⤵
PID:180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:8
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3920 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4620 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:8
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:8
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:8
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4108 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2796 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:1
2⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 --field-trial-handle=1828,i,15959881471840227503,6292988512599488229,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4912

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
f183a142a80ce2b89e5e7e870c68d8ea

SHA1
0540ed0e26b1abd368567e389f7eb738b0883bce

SHA256
dadc2f443440cd62c6646062b7928f44f218e6776eda664d0da7ece4a000dd59

SHA512
06dea1bbc3b4f193e58e5ef55b609dc4e08b3bd5b01f2760a564f811e503a875afd6d8eb3e6a417545403d568e9aa419eb85e5a08ae484081e08bb2962b2f65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9e74787ba29e162d03eafd3a355e35f5

SHA1
f3d1eb9af742600f3b49da920a50144426897afb

SHA256
ce4838dd0ef5ea970a8db19f1eebdcadcb7e21881d7b806c78cc127d2e3d6b59

SHA512
7b264d358a22cc597457d2f2c1d7bec1d3bc5e90aca218908c0b8fee6d24f955fdc11695ae8976d1270b3d75e2c6c9eac571c8aa5e165fa4a48f3369002be7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d0364185ceee8f7f3fd26a06dce5ef9d

SHA1
0185b1dd835ef99f9cffabd9e4ba53c3731616b3

SHA256
e9f41789a01aa0bb4cab05404abfab54073f53d258b0adfff818fef6ac7d3318

SHA512
33be92288cae9cfc2b252898d185b9ee41ebbc44c36793b1ecdaeb43da37d3e8bb45a773baca5846e1a0933c2daaea205058901ccf479f6042567112cbb0b276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
1ea66e8051683efee11a7e9cfea72be9

SHA1
e0b1beff4e9449ca82c130e4a1560dff01278194

SHA256
3958d67ec798482021e4c7bc54fee448be9892e354dcc5aed402ecde6555998b

SHA512
3fe0acdc647eda7e96348b64be7ea7d7638f2310c91a9cea941ca44d9768a5e76d86e4405acd020648fff48dfe776f4ee4475f1ac093b65caa35493565d01bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
6fc0adce77e2c7d5bc2ff4d6b0659f1a

SHA1
5fe4dad0fa851b64ff4f2555da3d4d3e35039086

SHA256
9f8fd3b80cb23bdfe0a670a87d94c8c9aaeaddfe9e331aa772d70c49aecfdde3

SHA512
dde4b3b62d7cea71be7af25ab1f0651325151c1cd4cd60f66d999da3d681a23fdbee57fe895f5a0c39342f07804bd7f89ced362444aada9f6ea4746631ff9785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_800_LQLTCACSVJDLCDQR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads