hxxps://store[.]avast[.]com/store?SiteID=avast&Action=DisplayRedirectCustomPage&Locale=en_US&v=1&t=event&tid=UA-58120669-65&ec=Emailing_Digital%20River&aip=1&cm10=1&ds=Avast&ul=en_US&cs=Digital%20River&cm=email&cd2=Paid&cd4=Business&cd5=BUS-00-000-36-AR&cd7=12632233501&cd6=14203612006&cd8=0&cd9=38044100&cd10=USD&cd11=29&cd12=1635195602479&ea=Click&el=https%3A%2F%2Fultraluxurybrands[.]sa[.]com%2Fnow%2Fauth%2Fuezluf%2F%2F%2F%2Fshivani[.]sharma@cityfm[.]com[.]au

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 17:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://store.avast.com/store?SiteID=avast&Action=DisplayRedirectCustomPage&Locale=en_US&v=1&t=event&tid=UA-58120669-65&ec=Emailing_Digital%20River&aip=1&cm10=1&ds=Avast&ul=en_US&cs=Digital%20River&cm=email&cd2=Paid&cd4=Business&cd5=BUS-00-000-36-AR&cd7=12632233501&cd6=14203612006&cd8=0&cd9=38044100&cd10=USD&cd11=29&cd12=1635195602479&ea=Click&el=https%3A%2F%2Fultraluxurybrands.sa.com%2Fnow%2Fauth%2Fuezluf%2F%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295176403219018"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{EF9A89DB-E7E4-490B-9596-AA0FEB5BEB43}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1836	chrome.exe
1836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2068	1948	chrome.exe	83
PID 1948 wrote to memory of 2068	1948	chrome.exe	83
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 4888	1948	chrome.exe	84
PID 1948 wrote to memory of 2992	1948	chrome.exe	85
PID 1948 wrote to memory of 2992	1948	chrome.exe	85
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86
PID 1948 wrote to memory of 3436	1948	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://store.avast.com/store?SiteID=avast&Action=DisplayRedirectCustomPage&Locale=en_US&v=1&t=event&tid=UA-58120669-65&ec=Emailing_Digital%20River&aip=1&cm10=1&ds=Avast&ul=en_US&cs=Digital%20River&cm=email&cd2=Paid&cd4=Business&cd5=BUS-00-000-36-AR&cd7=12632233501&cd6=14203612006&cd8=0&cd9=38044100&cd10=USD&cd11=29&cd12=1635195602479&ea=Click&el=https%3A%2F%2Fultraluxurybrands.sa.com%2Fnow%2Fauth%2Fuezluf%2F%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe9129758,0x7fffe9129768,0x7fffe9129778
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4992 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5144 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4988 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3312 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3932 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4788 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4416 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 --field-trial-handle=1828,i,10687658679138714776,11873889893905253315,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b2795d6de58315ae6e0ea6af34793661

SHA1
6bcaa179b969785ba43bfdfadac878edb66bd55a

SHA256
08d38c93667799b6688c6dfdd70d89f4386a5dc90fa418d68e2c01c193c988f7

SHA512
7b45f843a8150edceb1b48c7d867be6811baa24c6368bb938c1cb29de125ebca4b91bf6f6607f56d53df0b2a50dfbf435d0500389c9941ce9a8363a7b4ed091b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9d58d7d34fda2a927b1ae8891c249b7f

SHA1
4e8bd0496023e7881480d0c5f925115872da3b31

SHA256
6cce8ec6b91d3ed349943c4a1da89a57f7c0fde08ef7f4f335e5b721bbe47311

SHA512
d4b594d7f32d186b4db676d11480ae8843baa952b52ab0c034bb2d606e0cbfb14a54adc0b3f2fe32be1be3360524240613d39202737c5441a86e8f701d167c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
4ea871566249962cf3594644c2567697

SHA1
4ecf4e7a02d4d72923dda1d1dbea8c1739b6eb49

SHA256
3f9c48080fde073bf3bf83a06dfc44fad637917cd34d6667c3affd9bc7014659

SHA512
9ce61f2be80f705dd9945e6cd3483837cb563ee6f7ab33ebfa41eeb8b3a67dca175f22f9253a393729e2085620731f0b50c7ad4ce9da0340c07b4c4a3910f15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fae25d81e06fa5db5e465e9882534968

SHA1
5fadca2706ae5791c28afa5f4fb030e2c3204294

SHA256
d96af13cb7d40e8f9dd790af43ee69fa82dbe2b28ae38375ad07377dbdf9786f

SHA512
7fcd32dd2bf1335694be14874b1d6c25eb13ed5d843b1ddd2255b5b6a7cdeecaaf785efcbaeeca254b21b0aeed39bcf1d2e9136bb265eea24cb3099c15e04bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
78c166fa01702c40c6ef96f1dd13111d

SHA1
2e3aba80358e5274992950d9e5a1e813f7c08812

SHA256
a45bedc380b5b1184f23cec6fcec3e368595f7b1108e4a22a58eabc3fbcb53fd

SHA512
1ca44f86833adc143ded0b40079026f38e5f6f475ae48f613dce6e55e308f3d2af773da0c2ea1e7839b816ec7d7e48ecce79fed9b2506acf9e665230241e0528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
df48c1d7f7c21302579fa4bdc8249b7f

SHA1
c4db1ff2a9810c5225d4cc53dee3dd6f73582895

SHA256
0a2c41c0bcb6d2b1295f0e31110ea878683005e61a599493809334adfddc54f2

SHA512
0b3a407dccd54eb9b481d4a0cd1220703f96d81ef07c68f2d2b63d9602525aaab1158c7004d3d3b45c2da0cd2e1f44e6c8e921c8e00bec61cec67ca0d130764a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit