hxxps://oqkhpvnppl[.]flowerbox[.]in/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=pauloroberto[.]med[.]br/host/kkjjdkjjd/VGVzdEBvdXRsb29rLmNvbQ==

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2023, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oqkhpvnppl.flowerbox.in/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=pauloroberto.med.br/host/kkjjdkjjd/VGVzdEBvdXRsb29rLmNvbQ==

Score

10^/10

microsoft phishing

Malware Config

Signatures

Detected phishing page
phishing
Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259394272725478"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 3228	4444	chrome.exe	84
PID 4444 wrote to memory of 3228	4444	chrome.exe	84
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 4952	4444	chrome.exe	85
PID 4444 wrote to memory of 1320	4444	chrome.exe	86
PID 4444 wrote to memory of 1320	4444	chrome.exe	86
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87
PID 4444 wrote to memory of 4684	4444	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://oqkhpvnppl.flowerbox.in/?dshhef7dyi-7c17jao-xt77v0w0o-qaglkg6oqgym5fffr1d51yfx11tqo0aczuqkhl6vwlimlntj-kn5c1~7v70x5thdvj7c1r1~56f38w80yeuur2e~myjmfimjgczyryf10fucpv~p0j241ano0rhvac-qzvpmr6b6kkd0xqdcikn5h-0xfvpwdyu9~062zk0tklf~vbjbpqf~p4mtkgudniqu01qy8mntriuy9cfvhcd-2-xov9j7c1sd-2shqdrvjte8rl0n7bj8myx79rjtx6w8c6hrruf9k1suacaxma0kc-huo3t4p31t0uzu3llizpbpxat3w7qvajx9yxo23u32v4t1ju-0au-4pm15pgw0f123y09rg7-v25bw7mkndt~3aa8f8mo-bpg-9tv7enovx013t17dqlxwapfe4yw18v23ksgo54ysett0k4aqxsutj5-5yz~upoxhcry3v9tvuu6evg6n0oxzhr55ng6otqvh~33id63esxp30~-hrwrrjubs6565g3-k2iucun085yf7tpbc6nhfuylze9-51xvd8070bt-i6munyirhyuo7lwbhk0y1-y7emsq6qbpfhyeghukzbtzizqkcb6niwnhjsj0s~5~~dta42odpz4j1xtlfjd0yksq6e-8e6a2bip7w6xkcswynrka-vv0meod4ypnio7rsa6nvpgb1diulznmdl3htq4341bo~ldqypza~16btlefrzje6w8cadgndkp~n0uep~wno30toq~lcjds=value&url=pauloroberto.med.br/host/kkjjdkjjd/VGVzdEBvdXRsb29rLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6cd49758,0x7ffc6cd49768,0x7ffc6cd49778
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5076 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5112 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,2069357386194795307,1426484468872192229,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
07615330f3292fbc60d353c7a2b57ebd

SHA1
fc0804287544150c2da234656c26c231ef5b8272

SHA256
3a7fa36d51d0b535c427386327eb5d2b11629067721a041f68a8ec0a1c27544f

SHA512
99d738b897bfc2edda8109e04ebcb7ad7f61411e21d4bafdcc4de36f27d913342306bae46354fafbd5bc2a2f86266c922fe30d1435d3acddcf05e56adf2fe7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
73e6aefa982b00e1b98da13e694b2d1d

SHA1
f53e9031cbd97e245411e90a7bc9facf05dbd9c8

SHA256
7a85cc6da5c5492be9224f3ecd2515c85ec1306d635235c829060cc84f5a649e

SHA512
b9828172e70ca2c2768cc36a59f8fcda6cc2d6469486e95099301f0a2cd8659c5ad14406e827201d6e80429b1840af01740ff162434fdae78e8a8814214efc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8d98252a25f9e74f227b24643f022e4

SHA1
b6ce6bbbf8263296fd27b27a22c143ab403d619c

SHA256
c635a730d533ab50036bc68b05b27f231b39c60d9edf9ac193b544adaae6033c

SHA512
95e5b93af3d309985f8bb9bf7d9604a36dd141ce9b6c2ac449ba32e7e44ff8c43c1812cd6b191a84d9e9d4d66a20f674722555b1ee15085140c79b9b7a5338d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
d2107699ae876ae3a9abaace9d7b304f

SHA1
fddaf2b8b13883529d48606d61f398cd1d510d4b

SHA256
0d2898c29d42a197c82e17b5efebd810b5449824b69dc57f768c051474cafda9

SHA512
bde98bdeebfd085dd15ee811c4a72301d0800598e3d77a77cdc79eed62b54bb5fb35f159219996945bdd0b1f6e8d89f4d2a59cc581991341c7c2969877d564de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5795e1637f785731646f78a2c47eac56

SHA1
23ec054d57c293e374f199927bae50a0ad70e790

SHA256
aa807dce45237f21ca77f419d51ba84fb18c7e1f9d92e5213e38d0b3d21cee41

SHA512
38c614618c220d897336ce37dbd8c83a666868c122f4a86f5657b750ff3887fa179bde5c4aa549d859962f1e4fca3ffc9f6a0d7c44ab368d45c334592e8e631a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1df778a4e5e37373a6c3533706640415

SHA1
a140301a663aa50ba0033cd2017dc74a9794f767

SHA256
38cf64b4cd33eb006ec8948b7e40617a70507aa3619f40f954b521313f78ca82

SHA512
b4aafce181ab92b22ebfebce2e7258cbb24407362ab1462a3fd53f0226d769c1238c7e09182e4669b832128e3273c0ecd4033fc4070b8dab58f31cd28e04b381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3afa256c66d85e2a78cb3ce33ef3e19

SHA1
33e09d0342bf479fc7703cc306b7a76bb23515a8

SHA256
e817ef82b082b08aa0e28d48d34c5d18e93ff827889aafefcffef93e891d3540

SHA512
92dc8747e4b2b5e06c632dc801e5851d117e8ba672fcaa7de7f21775e22be5a7cea285ab4a530cd22c6fc8586531e3f74ccd71ad0c5bfd82bbb4051d93dba6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d1ad971019fd90310963eef159e8bae3

SHA1
50758c56d862316154ddd1fd9cb118b555cbbfb2

SHA256
0b511cf7baed2b25df4cbc30dc92796fc53c9035186e471ae62733e04cd0dce1

SHA512
d7ca4df96fa4a543443b3389a249ac24b3e448281a06e1f7bba2208523bfe295b71ffa7598f65b7f0c2ab2d615e70d18183baf5849a2741e036bdf3fe58f7c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68ec14166e4b1ca118e078a7f360671e

SHA1
d993808ab8b39b4e5bb31a146b292503558d568a

SHA256
d51925a8b81c85fe728c708f50e1da4c6311ce9a9223fb8fe5a94740097d796e

SHA512
eace0098d00d79f16f38154cc532d3073cba391a39ceb2ee802d3a9eb496203cd9bf6d3f890a0cad7709f19551c706ce5fde03b34d2315d3340bf23d758e1419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5da4d8520df67751219daf040cc746e

SHA1
c7cb0fe8309d1dcba3fcb135db59c5cbf0e53947

SHA256
61af92ca616872de95834d9da1bee40e803b87d3454f4df550a2b46143bf12e1

SHA512
45ff5cac543353bb67c3a2ddbbfd72886457f07c58999e40bee166bf994e740cda3b4a0f4e3506aeecf6481ca68c71f88282d4cd63cc830da1131258546b1f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
72f5ce80ac5f1b7928164fc61161bece

SHA1
085ae849369e764887557b6d22e713924206202e

SHA256
825244c7dc3c1fe7d552db149b88b4615215e0f831296acbfcca6a0caffeee29

SHA512
93385fb2c0a96bece6c8a8cdc24c7636ebdfd160dd9297d6522e9bc58a1783088f2e9e1147e5bfd120533e294e90d20774e169ac5ddf43c41ec63ed00d28e0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a49c60a6a517c4e370ef859e2cb430d8

SHA1
f6e877924a728fdc65bc4dd349d4b8873d5ae55b

SHA256
1a467588b4c727c17c52e63ec20611bd2879c60155c7790d682d33812d9babde

SHA512
45baf3291f426c9cfd74bfec7bc430ffad2976efe7b5de6aea57a457f7725f312ab9020458a26f76d0fe3ca4c97e57bd2b741bdc8127b755dbc85d62b814dc59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
7a2d31be11f4e99053f1bac5a3adf6bc

SHA1
320b25fde1a20d3f003b7409465b9d7295e93902

SHA256
1cfe9db969ad34e634a34f6f3fd54d5c416884ed63297aa2d66d7d92d524774e

SHA512
d9f2f6e85658d918a344b4931eca7d618c85694700b5369653b6c9bd4f3ec1c19a908f3c8a9d2f8133a6411e097050df0ee9c61baa95969299fedcbee7bb7b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
308590448e4a6b4112ece16ebe399234

SHA1
9d7e82918099ab4cf13fd84fde5e683d9e5c1855

SHA256
0e29ae0cc170034427792ab41106ff002f8c842eba180a85801bfc196392f697

SHA512
5fd1eb2f89dcc55e9d54b57bf924aa68fc34abf9fee1dd0fbc51fcaa41dcebad0d4fcd04b2de2f3d71a9303277a9f2c833a15859ca348f588e248678e767cc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
6f807ad5826051aec92938f81c2f5782

SHA1
652203c801878cc7d80ac08dcd80ebd442f497cf

SHA256
ade60c30038aac5bef417380b9ba2850496c9678defba1459e27ee092a335730

SHA512
5a0947d50685590ff2e7840a23eece8c8598a84df9685e43328fddf6844f3d202b4abef3eab0edb9c192872a05c7289ec72a65700e16f50b3b5f69587afb5d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
34c58364171505e0292c9878c7473f4d

SHA1
2606ebeb88c36dcdb12547ff7baca0e9324a1c88

SHA256
dd3acad241d55d0e270aaf7e6b220cfb6e9556cda9e044d0b17e79be72c5daa9

SHA512
7605fb873f57261d03a015181097f772fe8c378e104f65e1c96a945498c1f7ad5068c574e784d79e21d8050638c16ab3fd2d0a19db6482aebd2d25e90994c901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit