hxxp://minhaclaro[.]dtmmkt[.]com[.]br/effectivemail/redirecionaclique[.]aspx?idabordagem=5252932746&idlink=12609016866&endereco=[//]onmotiontravel[.]co[.]za/cgi/&link=795322289411331674704012295360YW51YmhhLnRld2FyaUBnZi5jb20=

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//onmotiontravel.co.za/cgi/&link=795322289411331674704012295360YW51YmhhLnRld2FyaUBnZi5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568245139779852"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 1100	4644	chrome.exe	84
PID 4644 wrote to memory of 1100	4644	chrome.exe	84
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 2756	4644	chrome.exe	86
PID 4644 wrote to memory of 3308	4644	chrome.exe	87
PID 4644 wrote to memory of 3308	4644	chrome.exe	87
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88
PID 4644 wrote to memory of 496	4644	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//onmotiontravel.co.za/cgi/&link=795322289411331674704012295360YW51YmhhLnRld2FyaUBnZi5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe089758,0x7ffcfe089768,0x7ffcfe089778
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:2
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3948 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4668 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4696 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3924 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4676 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5544 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3248 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5808 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5924 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4828 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 --field-trial-handle=1876,i,2609873225321464665,5291489218540141107,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
110400e68de7491af9efdcbab9916a1f

SHA1
df1fc58f73753485590a8661af422351b28cc170

SHA256
ff30e1860b1ddc3a31a88cfa0e9d42233742401a3d7624a06dd22d998297d4a3

SHA512
0ffbc62ff60f260b2e32f60a78efa895e16c3b7a27de3fdff024ebc4cedbe85b9378ae8bc689e516eca765cfe62b5943b24ea4989f8b551002ed03ca57fcdf97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ff50b600608d27f8e4712662edeab81c

SHA1
7b982e0c90666fb2191c247875e6ec3df93d830b

SHA256
ee29da383256b3906eccac1f61bb397a14d21db9d517da6e4c1da4cfa114ff79

SHA512
426bd90c894c00210e59d1102819709ae064ddb5627b73a727f8544d93c748397ebb5085247020f0c7f8b0e59a53c976533ab722e04517b96e1d29a584d3ebf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ea9624a11436ef8b81304128f30ba3be

SHA1
d9694cdc6201ad14affac660a047236e920924a6

SHA256
07d782f6968408626354e1c1c37fbb053c44027a2d82572fd5ca208ac3089da6

SHA512
0172306e5fdab6ff605658479f3272538025509e71bb0f24233db173a3be431ec4c363d21f8451fcec82deb8253c9b35bc6c510d81fb66a3266487d672f40bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9188ab9d00e71fc3a6f95d57256dc284

SHA1
400ab399a88cd7ac4e3f96ba2ef9d5288c4dc99c

SHA256
e0f34158bc75e78ef9f17d2c9289b698cf71a90a2596e2e2d1dcff6d9d79150c

SHA512
e8d79a1cf06462d40581e711e764f23f2f561f220a1fedebca5fda7f10ee55cdf863c2c79a9cc95aa5e1d66308abc54dbf68d36634fbbfb77934af608dbe33bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
2c8f289e8d25466dcf709f44369a0e69

SHA1
b14b5819e6c040c6199ac55ffb270cb50025c74c

SHA256
6cec4e054c2cba75a6f494c282cc4df24cc52a7fea40331d2245c81d3783892b

SHA512
d3bb84834fdb920919c2abc2c53ebb3f90c21ae7b65b30fe1dea2f5a39e55d8d434495f7f3e0800cc5ce0fac135a54e9a94e221ec80072e6301c365edd5dfd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
a659457ecccc26dba2b74a570b678ec9

SHA1
772e9488a7c2d0341d725815204d67cf0325c533

SHA256
c80575df7c9ba129828a18fb7f1fcec56849528cd96a425d64a839404ebf4f47

SHA512
6a41faeb7c81ffead40abbb3259481d7a7d86f8b5377600cfc4ee380e9910ecf74f789c02f34f0afc484f7302a2cba5ebf2789a0c431980a7e9b2d4fb424ac1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
7c449f2b2c6c51033ef563a94ecf9ca5

SHA1
9b5b18de67c51c7532cb56f4385fd9597418c00f

SHA256
f77bf8f566dd05be6c6fe3bf24577b59c0ad041e201b94bf3619fd4473f8ca3b

SHA512
2e4fad22af0c4c03b766121b766ba29f290f96b8fc547cefadf57579b5fe55521f0e75432a898d77b937e06e3c880ccd66bf8b771993a18115a5b22e1985d694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6fd5a68b570398e3debf2b7942d2fd9

SHA1
595b8e9aa3ceeb98d300e1ff99f41b6fd4704d6f

SHA256
72d07221952eb9f17af02949ee17af92aed288a5fc27189d4d5b90a91d56e7af

SHA512
56fea89bc084b0c9503cb952315d7de12d73fa7e6b786a3956e7fed5f3a52c93a95d425f31f72079007633c0585bd31aa072620e9ab60b2b0c52a29f69d56e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
7767aab821dcc3595bec429c2ce7e1d6

SHA1
c2f0ceebadc8ea1a5585cc54024f9b376c999337

SHA256
94d771609bd7f1262f1a4494569a00c60f898c1868423d4a952a62e014fcd744

SHA512
e475b5d09bf868529f757c92835f0ca35014f1e8e764b3bb0ed7523f1f796145a3ecbf2a9c34ac95092f397a99e6bfa3fa141ef4798c562b584cc86a90f5b505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
35f8b6653929587fdc5117d7e76d1e59

SHA1
631b1cf7296246269b4721187715b2f5abe02091

SHA256
4145a1d1c4375445e30c44b8c886f8ec9bdea47b18103da22dc18ea7e7a4f81e

SHA512
6a49b4f32504b2ca3b780107f2b2045fff0e15b3ec23d729e9dc2395a7522339e143378391758c1983a110c7fb70215bee795f9d8a5e1b6b25ceb0f742812cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a2f4b4869074d91a2afcad784bff9b82

SHA1
a0458fac3471a3962956682b3ac0349a47d26b69

SHA256
dad5ab40d1fd433f1a46d6cf6bd5605a50d59ee4f9372c517b642298d0b6b822

SHA512
ca9a9b9bd9285469aa576150dbe0cffa3d08e21ce82b5c632ccc1ca2b6a04fad8aca6ffeb965ca18a3c20b1083dc190bde698097e166c01a4e7c668e665f0836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
739c369c7c75ba0fee6ad7691d0d7118

SHA1
602c33bfd8d4008847499e625c123404e8be02d1

SHA256
55c3bc0d3406a9f392174d848b63dc22e8eea1d3c2d4c11e36f2f532fc8bd6fc

SHA512
13039af4cd7b491c8bda368fbeadeb46eff5b7093d4d905dd3667e5fac9fd26925813cc3d3c9c6530a71885b943ba4cdf87479e840a5dd470bfd123bf94be172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1048bb0f8ebe34e15340bf16d8374930

SHA1
4a01979566e066743fbb62fc81099f4d15dcc949

SHA256
bdad7cf35c941dbe31a04b8ada2a40567308a4a639379b8ca4bb52530a39a20e

SHA512
8a440f33bc3595ca79d032ce1b8ef49ed8cec7a83cc7ec1771650edb7543c3bbb232c3cb280906d35ddc8ee5c12c33ab2e11675ab2e32fb91399aa6bbb7e051f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
a09bc6cd04233c75997d173aba884156

SHA1
92930f745b891ff02e049ad05e5818df307138ce

SHA256
7637df8c6b5912bb2259a0f03ea228f063e2c603386127c3d0292e5564440779

SHA512
b92f656d9170885f8fafe74b044d696251827b2abb360c8f9f71772912ac63d9b8641808d467490c2ad75cdb67ff9786d1608d76c76ad7d272ebdcbd773d1c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
5225bb685a39a1431b7dd251060bf4ad

SHA1
be36f7c988c7d73fabdb7ffe8a8930dcf06d662f

SHA256
cbe0f0c9f976d4db8ba1529720218aafca659a23a4cbdc2fde730739903d4e06

SHA512
ca2196a9e58e3e438af3968bb3832f4f0cc3ca393f3856fae0c0e60f9a26654097cf662087e8daa8477be126a8e3fe23c975e65cd86fd978bafc5dc8e2f8b85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit