hxxp://www[.]interfactura[.]com/EmailTracking/redireccionador/a[.]aspx?IDEnvio=ab112156-0d20-467e-b040-e20eec9bf5a2&IDLiga=66f06217-f375-44e5-801a-fe4bfe232285&IDReceptor=3d4e92b1-512c-44b4-846b-8cb7146b31a9&IDValorURL=hxxps://emc[.]johnnysteeledesign[.]com/company#[//][//][//][//][//][//][//][//][//][//][//]bXSpbTQPOYJzMgvXPCoGZljHOc/irina[.]mettner[.]isfort@rtlgroup[.]com/?utm=tswTvRXXVdJSLFbLnGdvqgJWD

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.interfactura.com/EmailTracking/redireccionador/a.aspx?IDEnvio=ab112156-0d20-467e-b040-e20eec9bf5a2&IDLiga=66f06217-f375-44e5-801a-fe4bfe232285&IDReceptor=3d4e92b1-512c-44b4-846b-8cb7146b31a9&IDValorURL=https://emc.johnnysteeledesign.com/company#//////////////////////bXSpbTQPOYJzMgvXPCoGZljHOc/[email protected]/?utm=tswTvRXXVdJSLFbLnGdvqgJWD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607765840931853"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
3372 chrome.exe
3372 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe
1224 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1224 wrote to memory of 2920	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 2920	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3744	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3052	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 3052	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe
PID 1224 wrote to memory of 4120	1224	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.interfactura.com/EmailTracking/redireccionador/a.aspx?IDEnvio=ab112156-0d20-467e-b040-e20eec9bf5a2&IDLiga=66f06217-f375-44e5-801a-fe4bfe232285&IDReceptor=3d4e92b1-512c-44b4-846b-8cb7146b31a9&IDValorURL=https://emc.johnnysteeledesign.com/company#//////////////////////bXSpbTQPOYJzMgvXPCoGZljHOc/[email protected]/?utm=tswTvRXXVdJSLFbLnGdvqgJWD
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98491ab58,0x7ff98491ab68,0x7ff98491ab78
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1524 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4584 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4504 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5268 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4380 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4212 --field-trial-handle=1932,i,6508398780162161951,14906699977005295162,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
f9a2d313b57dcd5040ffe0085ab12337

SHA1
f2b13b71f39d0f6a19f86c567dbcb45829452245

SHA256
dbe0d9032acb54a7cd9fce3745133251271e9773842166116084f1443ce962c2

SHA512
7f6256a48865509186ca5130c2135520ef1ca6781362b8ac6b1ba85bfde2f77193991f0f370ef16cbfdfd30afb599e8c233ebf64c75354deb900fcd6991a656e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b8704794f45fcaee8e29ca970bfc6c2f

SHA1
a14e7043efca2adfe0dad7ad4509a08020194312

SHA256
495a2f84b0f121dc21c08eb24bbc51f6458fec343bd0a1984bf1279e116e4864

SHA512
f431ae830312d93fcdb94a05e8c1d0d1781edbd0d0fbfe1572318da9ec84b84437796709025ff1af76d31a9b440634611f2d7947e405c8fbfb869d2bec09c51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
e55b454cca24ff7371f81dd4644f6743

SHA1
69b86db8b97ccceb337f0014bfbb027f32248c2f

SHA256
ca83097a5535c305058255a70298c53bb122cc18579e4947b0c7f10ac913e3f6

SHA512
e9eb988c3ea389fc9695747871108bd7a6602f346b186cb5db5c4f92b522801c293356cef1e3e217ac0b889602e0fe888f14b19bfb8fa61f8fb5c404c9f19f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c669d3914c404281a2b386cce04988af

SHA1
36cdf990c9bf20ecc50233e8bc7a51bb2eb74d35

SHA256
5ada6e27399374bf99d539f4a04ce2af9f39ab5c1ac826ddaeca40de0c915aa3

SHA512
57ac55fd87a1da7da80544b2b69fe7aeb59d6978f7cbf0cae530b4b1c61f093a18cebec9808a99d848bc845a4aedf4838385f2b14b84bd24f65a6e97b7e767e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2491930b89438e46f2d7ae6d39e2b78

SHA1
021a23613e13b4c0610eae778eeb68f3cf236165

SHA256
6f9ee8a79663f032ed5aadd93bcbfc0fcf43feebe2f9736fdb763ce9ea566457

SHA512
a94cdcb8942c65ba588bcb0a241709d168fa93d3dd31988ba5b65bb83a8422304e69b88db565846fd426289e8a5add3b9fe309ef2078fdabc4c9569b66d9ec14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
a00547bd1f90b4aec0d31653813200df

SHA1
4de538726e234522edb75ed22fc08a0f147eb726

SHA256
a280a7318d6c37d21e771accf02b29411fa85c685cb0ca098cc62a9789969811

SHA512
e3e28f2653de0edf4ad86b6063afc2aa7403cc33b5f2e992bc661b4cca3a8d759b4dae8fb7640129e73aaaed28e123a0dd1e35b3d83832683d18cf70e2d0b57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
87fa017e5e27c918b1a91d0dbadf3ab8

SHA1
f80825362fd0eb9b0830769ca0aac7b720adae7f

SHA256
c462560e1df30a4e2876cb8a9d3f7ee32844896bf499adceebd3d9851870ff49

SHA512
b5bd1119455f544702eb0f626eac050a81691cfc5c936d3b127761ad958d4a644b5438e907588fa4dcdf5866e12305749e2fa6a00d4c8a0406506b4afa991393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
9e0d3b00c321162b50adfb091572d8eb

SHA1
fcfdb22cf9123efa5cf586a54d84528cc2fec81f

SHA256
51eb6f2f3a35e4bf3547567e82819acbc8e4208ae634091ac397252bb761e57b

SHA512
3ae03acb965df562f505830d288a1da8c7ea1ad5e6e78990407aae77f498779605a3dafd20a3ab3f9eb602d070b4ca7c4994a853f7b88fa7a2c134efa99902fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
07b6b0f1093c245781f31e90f5faafa9

SHA1
61cddf34d9a35217562963a2a7a751f87c5f8f9c

SHA256
11c7d423c4d362c4cd5bae4ba7d8c1a2502f2905e7532a7dedc59f56ffff773c

SHA512
4c5fda5324109a02b6b5a711b76ba599b356ecd459105fbd357970372230b1b7232029cc602b30cd89919764970994eac376b12743795b189d8bc62a2e3b250e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
64d6d00a9b3c4735f001464d67e7bbad

SHA1
6bcdcc2587f110771a744c53f663ae15ec0a7172

SHA256
34afc8a2288b9f9f2fa52918cc58e6d182098d84cab61c4abe1008c004692327

SHA512
dd632f91d710f89df0b3347207825c9fa75f0127046c4bdfbf0e1d5b4bf97733fa1c2a53c5b65587cc45834425570c9d20d7f2999ea532bcb929abec3210fa86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d6a9.TMP

Filesize
92KB

MD5
ecb801ebb2a773aa0cb6ffb7c1ece01e

SHA1
721f2a516203a80a6b09cec98db9b8c434807c0e

SHA256
ecd4fb1c5f2b7d87b705a12691ae72c96af4317ec12ffa7f4374abab84fc8d0e

SHA512
4d77183f1cf98cc72f86acd2cdf03913c3c1c1070f82dd43fd5fb0621cea0c998c9f572e679c0cfd6439ec9d73ee715b1b54fe8ee30f24c94259d749bb3b5f5b

Download Submit
\??\pipe\crashpad_1224_XJLSQTJOCJIKFUYK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit