hxxp://clickmarketing[.]birmind[.]com[.]br/ls/click?upn=65hNT9N0XGHTWidHOLl0y2Yqlr4mo8evumCe1lFrpKx-2FFtQFMqJiHOqDBQo-2FmlxPh1bL8-2FmxxI8oCOVHTfYI5FIVlIHtIlDd4kjHFx-2FFQzn8R2nP3WKuTsaVHDNme9F40kH-2BFMxFF66TxgL0vHiveENUZjQ-2FpZXBo4gt2fgT0KA-3D3go0_WcYo2CJalv0RYomnH28N8b9oJGoz2qg0tl4fZC6xYZRKHU2pJInhidhZEQZdKP-2BTP6dt6wdwUoVBPBZ8HmJKLASj402kGDlz6rFOg1wMPolngoE7gTAeiKFW2YE1NBDa3QkJhNidsNf6H3UmuZ5JKufs0MT02wOzGOG0bWOLRX9U68VS0G30cGuWlBeyd7yWvfPDpVtnwW6T7-2BGyXUCiVvrj7xy4kf7om168orPR3G7BDBm84qM84gjHi9nEpvqZXy89y8YHJiMHWsHzGuL2GqRKXGwAFGCVogvCW03VL0nkg-2BaL1V3nJByS0g1b7Yw6TNW5e0XyBeWNUNggNWC-2BvHSFoqCV9DHlX8UIcxEpBSFLa3-2FavkMgjxJt3nT3EM7ZWNpblD9blol6rWeFxnjkStiGkhjWjmEn67ZtJsXYpmv6Ah94rqDG5UhzfYyerEcvSgHw-2BluSVz5s0IQ6mekdQkt9thzynBXzU-2FMiaKpONQXS3ZFW5GZpjohHJCf0msNGOulCUqLiUSm2atnQBVIjROxH4ZqR7cPfDP-2B1xQ2QMEmPBcyN3C2bPmh3jmBWzAdZTKJfcPRS92wq6FsgTXk7dgk8wZ63w4Oru0pVZFnDZciBBNNxbux-2FwRGQSIBzaFFuTFBaJow8tCcC6aaWbdKhpV18G8gsEZJn-2BB-2FI52ENIrQ-3D

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://clickmarketing.birmind.com.br/ls/click?upn=65hNT9N0XGHTWidHOLl0y2Yqlr4mo8evumCe1lFrpKx-2FFtQFMqJiHOqDBQo-2FmlxPh1bL8-2FmxxI8oCOVHTfYI5FIVlIHtIlDd4kjHFx-2FFQzn8R2nP3WKuTsaVHDNme9F40kH-2BFMxFF66TxgL0vHiveENUZjQ-2FpZXBo4gt2fgT0KA-3D3go0_WcYo2CJalv0RYomnH28N8b9oJGoz2qg0tl4fZC6xYZRKHU2pJInhidhZEQZdKP-2BTP6dt6wdwUoVBPBZ8HmJKLASj402kGDlz6rFOg1wMPolngoE7gTAeiKFW2YE1NBDa3QkJhNidsNf6H3UmuZ5JKufs0MT02wOzGOG0bWOLRX9U68VS0G30cGuWlBeyd7yWvfPDpVtnwW6T7-2BGyXUCiVvrj7xy4kf7om168orPR3G7BDBm84qM84gjHi9nEpvqZXy89y8YHJiMHWsHzGuL2GqRKXGwAFGCVogvCW03VL0nkg-2BaL1V3nJByS0g1b7Yw6TNW5e0XyBeWNUNggNWC-2BvHSFoqCV9DHlX8UIcxEpBSFLa3-2FavkMgjxJt3nT3EM7ZWNpblD9blol6rWeFxnjkStiGkhjWjmEn67ZtJsXYpmv6Ah94rqDG5UhzfYyerEcvSgHw-2BluSVz5s0IQ6mekdQkt9thzynBXzU-2FMiaKpONQXS3ZFW5GZpjohHJCf0msNGOulCUqLiUSm2atnQBVIjROxH4ZqR7cPfDP-2B1xQ2QMEmPBcyN3C2bPmh3jmBWzAdZTKJfcPRS92wq6FsgTXk7dgk8wZ63w4Oru0pVZFnDZciBBNNxbux-2FwRGQSIBzaFFuTFBaJow8tCcC6aaWbdKhpV18G8gsEZJn-2BB-2FI52ENIrQ-3D

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373317471937943"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-618519468-4027732583-1827558364-1000\{1BF91EF3-9B13-41CA-92D5-4FB15B5D651F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
2664	chrome.exe
2664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: 33	1700	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1700	AUDIODG.EXE
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3088	404	chrome.exe	39
PID 404 wrote to memory of 3088	404	chrome.exe	39
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 3352	404	chrome.exe	85
PID 404 wrote to memory of 1016	404	chrome.exe	83
PID 404 wrote to memory of 1016	404	chrome.exe	83
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84
PID 404 wrote to memory of 1968	404	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://clickmarketing.birmind.com.br/ls/click?upn=65hNT9N0XGHTWidHOLl0y2Yqlr4mo8evumCe1lFrpKx-2FFtQFMqJiHOqDBQo-2FmlxPh1bL8-2FmxxI8oCOVHTfYI5FIVlIHtIlDd4kjHFx-2FFQzn8R2nP3WKuTsaVHDNme9F40kH-2BFMxFF66TxgL0vHiveENUZjQ-2FpZXBo4gt2fgT0KA-3D3go0_WcYo2CJalv0RYomnH28N8b9oJGoz2qg0tl4fZC6xYZRKHU2pJInhidhZEQZdKP-2BTP6dt6wdwUoVBPBZ8HmJKLASj402kGDlz6rFOg1wMPolngoE7gTAeiKFW2YE1NBDa3QkJhNidsNf6H3UmuZ5JKufs0MT02wOzGOG0bWOLRX9U68VS0G30cGuWlBeyd7yWvfPDpVtnwW6T7-2BGyXUCiVvrj7xy4kf7om168orPR3G7BDBm84qM84gjHi9nEpvqZXy89y8YHJiMHWsHzGuL2GqRKXGwAFGCVogvCW03VL0nkg-2BaL1V3nJByS0g1b7Yw6TNW5e0XyBeWNUNggNWC-2BvHSFoqCV9DHlX8UIcxEpBSFLa3-2FavkMgjxJt3nT3EM7ZWNpblD9blol6rWeFxnjkStiGkhjWjmEn67ZtJsXYpmv6Ah94rqDG5UhzfYyerEcvSgHw-2BluSVz5s0IQ6mekdQkt9thzynBXzU-2FMiaKpONQXS3ZFW5GZpjohHJCf0msNGOulCUqLiUSm2atnQBVIjROxH4ZqR7cPfDP-2B1xQ2QMEmPBcyN3C2bPmh3jmBWzAdZTKJfcPRS92wq6FsgTXk7dgk8wZ63w4Oru0pVZFnDZciBBNNxbux-2FwRGQSIBzaFFuTFBaJow8tCcC6aaWbdKhpV18G8gsEZJn-2BB-2FI52ENIrQ-3D
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04fc9758,0x7ffc04fc9768,0x7ffc04fc9778
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4804 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3244 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2488 --field-trial-handle=1864,i,8435159810751052486,12138046435731381268,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
06112b1fcd15b99b47dba675193c44d8

SHA1
63b41b0e7a164e8502065a72563a69122e276e2c

SHA256
c96893cd709d2071f5895d08eead4ef06e29c77a48143ff560b66ad1b66e4f38

SHA512
e617c997d428e9514b9ab8b2e0653fb7ca163a799f7d52dc32cb27411b9f553e645034db7f19dc35a8dbd7dfdc6ad9fd4c0b2a1dec2a6293adb304d792e54aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f43f8b78b7092a282605c58a4b3cfeb0

SHA1
b731a004855164dcaa8af74c12b2000932645373

SHA256
220ea9ff57f4e9bd7f01822ebb8493c6a00d4111782578e20bf90ae594374377

SHA512
98f4e097c91e3ecc94cc773667a22cba6f5a6ded86a6fcb8287b9a4122d6e1597a0bcd95b44123e1fb46ff5b76169a08741aa16f987b5be00204173f4532d0d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e7c284edcb51adb975f8e723f82f9ad7

SHA1
c94094f7829f4c950da6db03491aee7fa2ba3f24

SHA256
9156c518515481a0713408af152f58d46d6172ca70bac683a7314c7c1d652674

SHA512
7e403835ce92ee4aea19918db54217b6da08d8390895aac5ac6a333e873acd95ac4747afa03e9d2e8d8b8f9859dee159505d7588002e46943f4d131e1bf7f592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
556620b3ec04591484ee62666a091455

SHA1
7d156e3a490995116b2e83084935791b1273aab4

SHA256
037660e548fcd42d106b83ccd02f537eb191e8f9dc714bbe82495247c4b89bb0

SHA512
c20312d8118669d35cc957207237e764ab8b25d0083bd807d3c9f137d93a16b5adf54e8a31fe5fd8eedffbef72a766c1184c67e7680987239bf429182f213117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
dcd06abeb58c5390ea22392a8be240be

SHA1
707de4997f94882a909b8108be602c564e2cefa7

SHA256
e04d57abd6cf8c31985504b166de0e92b90ed2ff028dfd59348e0cc5dd8634e2

SHA512
70af8f8b44585e55d75ea1c8681c7e6cb9ba6dfb291770612d53a010bafbb4a24ff9b849b1e9657b967e3113752815477d64597855d20f808e56a9a759669822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e8a731b9cbe0b145093d66517a69c17

SHA1
c56bef71a265dc3688ab8b7d86bda35574235f32

SHA256
cffadd05ce37e75e9b0d7de545c0732645e643fd4ca0c488594475c3ef82589c

SHA512
b1aa233aaedb998d8d2016bc45b0967e80902021f8178628d697388da188ee681f89818e5f5d0b72fc4156bf2a1042c45221663f5a933a5acea21e84fec7b70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a6693f200782d7f3be2d3bd50e450784

SHA1
08201157cccb7c62dcc018fda0c1fe856138521f

SHA256
c87aae3e4fd064c2109c3192c4b95062e601f6fe491376289b8047badbbb47c9

SHA512
8f492f2bbcc3a2e60d1f9f550c06d20f147fda5fd0d6ab08554f3597e7d0c3e98ebe47786ae0189f8e76ff2550e91f36380f2a112d0d7c67c9caffe53d3e69f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2c406690-d0be-427b-86e8-8402887cb6b4\index-dir\the-real-index

Filesize
2KB

MD5
6c67988476cae0f9ace680a0630d00b6

SHA1
eb103d3f00f14b3d6496b555c4321c089aaf9129

SHA256
a1bcda5742129aa6814537d8810b4dc82400dd7a5e16898c606ec11dcd38d916

SHA512
ec8c50c2d64d0219d89604188226b945be4ac0500759c578aeabe4bc225ba200453955cf64d1600f302766b95930f0ad74bc6342b394b563e51172200915dec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2c406690-d0be-427b-86e8-8402887cb6b4\index-dir\the-real-index~RFe57e0bb.TMP

Filesize
48B

MD5
1c0b4dcb241fd805bb78ecd60abad3b5

SHA1
c8677fcfcd66ad22fe2beef982b092cb582f205d

SHA256
9c541fa9c94980c0cc294073225e9fad649ea055f76d8e4d0575651d60fa32f7

SHA512
2df5691d507a369c1a699e15dfbe26b6b150234645ac90f3c022199eaeeb277ca0a5182d5befa8a94f8bd7a8b8494e2ba9a436a62f42ffaeea98b16ce35ff1ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\90a8fff3-a281-437b-852d-a52090ce108f\index-dir\the-real-index

Filesize
624B

MD5
78203b748f89639985500eff43af4071

SHA1
d8f383fad9246769312e2cf2333fb210ef44014a

SHA256
dd108bbcda996a054d41fcc2ec055a598c335b716be6214732a5047a0ac20a5f

SHA512
d23316fff99bcfc0c436d81ada10750594b69512746ac0f7d3fcf1e853cdf7d192cd1fa700ea81c1b51ea6f1e7b873363de017cd875e5ea603dcb737bb513bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\90a8fff3-a281-437b-852d-a52090ce108f\index-dir\the-real-index~RFe57e37a.TMP

Filesize
48B

MD5
bf57575bee3a1148349b55d64646ffaa

SHA1
14a445a8b8f356eddf6997ab002d1246faca269a

SHA256
b820c5513594abda3069a738c14f95406b3df055a7f379dea6a416489285c869

SHA512
7120d61b937edd2e7557249d8e25787a268baf0eccaaea66469ec211ee61d2ee1474540c55df186e154da2475bf57432303402bb710c48b142e323134fa09c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
954bfede36517ac895fedeb674af8330

SHA1
e2f39066d012f1c9884daf27ad72b85607782354

SHA256
2278169109febeff67849797844f75aec38c780f7f187fbdb00325efa8450f09

SHA512
1fa5bdca45b30f291a92604d0796aa505b8343b24f680f803d3435f7c2e531666e2bb028f07322d097d276606d19dba39930477166bf30dbda54b9027fbe0ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
28b71939a3ed0a3c6b784e55fa82db2a

SHA1
b775b2e1387c4e7990a13185ef00b936e06b9dbc

SHA256
d757675fc4f3551f191beac78a9570c20bfa61b6ad9a31cc4500132cd61c01a8

SHA512
3c780caf30d4dc7e08b2a2e0910d233735e867a35414aff19e15c50e18dd8425351afa6568fe4ce940548f0644aca42a42abb36dcc61c40335c2c5e850800383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
de8672944891194f8e71b454ea2f7d5b

SHA1
ae9de6ab134dc08b30ae5b3601c6752345bed310

SHA256
26991206d338d848ab500f9bcc895f62ce2ef7ee1514de039c51e7f071019b3c

SHA512
f0fe170ca82f8af57f116f7e4f75e11c4b5cf175cf7fa40060b3043da384846166b49496d0d8a78a6ac8f4413c8eb9d374e14e27592f50265985bb25d72177b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
6b677f2d5a6d2497a2ef5c3722e7ef2f

SHA1
703ae24a73a167e4969d11af1b80e1c203ad2bae

SHA256
ee80e0f66fdf609962f64443286a6c1e392cd18b9cea24340af27d7474a77ee9

SHA512
1a3a13e8f2f65ebd1b07e142e48a4ed7c2a0642aadc9f25df31f7cfa08c53fa6b31cc0f1a9592bf74f1ba3e10e4adebe8e210dcaa1cc423eea1d86f6e4ad3c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577a70.TMP

Filesize
119B

MD5
6f139c20ce6433b217eea4ff431ab10b

SHA1
7d45ea6f3ab62a7a9855bb0aeb34284a1f62d0c8

SHA256
29f8f2afd73005dd244ceb2470846707cce89f71880c0512cd09a7338228153a

SHA512
b0c38723ecec27f3acadb8bfdf9387744c61c1a4238fec4cd612f82a0cfd452c65e31fbadb9feb3687c6dda0b9f2e6bae09f7465ef7c9f412416d70ab992f68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b1f41090a3c407c77110707dcc98ba67

SHA1
b6945cadecc0a4ce48c1b6fe26609ec713ee1352

SHA256
a1c9042ae97347c317878c8ac330d857d7f4743152a96f0cbfc82f0073e4eb19

SHA512
1e16d719a1371e35aa35a58842b59c6b44f4594959fbc030a1c233b7f4c14491d2d9a3eeff76f0e78dab14bd7e80df4b1fa67d217c6857a69875514c854b976f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cdb0.TMP

Filesize
48B

MD5
987fde4e97e7ade27ba60bdbc6107ba2

SHA1
be8b29dba775156aa5495b778e9001b9ae7b493f

SHA256
ceb88ed39eb29d1749649d8617f914ff631ea459fe120b62577549917eb8c13f

SHA512
84b2811645d541be34dcf1398fb2427d11af32fa498325f27ad3b81c026a79e0ab92408ff3c065230a7f4cd13f2bf443047ac750ba8cf704c879c2555132a6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir404_1303097956\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir404_168842475\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d37c33eeeb45633881054b8a0c0393a6

SHA1
0036450ccb9802a74c4912c4809e498419b65e65

SHA256
d8f0de1e02905fa33ce75af46a3f7fcc15b11833998b0586475ea58c1c9dc98d

SHA512
e37a218ca9a76f38541da0898cd4cbb2c367ed6ad1fe7ef379fa62cdbcd7f70d440383ef91d068a9045129c5b77cf4d13748bb1439a096df74747c06477ee78a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit