hxxps://u33148522[.]ct[.]sendgrid[.]net/ls/click?upn=smpeHFPxI-2F4o-2FVoa-2F4Oye-2FkIqs7D7zyYYoBtfNKdrBFs9uB6kjBSpvFooefkEicnKKLI67bfWNv2DgQPsiU73OiiXmAfGeo4oOxGPibk6GkQ-2BFpqwDWGG89Wm7-2FICRv8IssvldnXjcm2sdnSfBSofGsuXav8dN9jHpHG71QokFPz6XIVS-2B-2FqFTUuGZNMhVyY3uPcnVQJiAvtAj9l3QHFvVPhLYTs4VMB6uqQnhlOHdKZNDlcmonD-2FHlkSsbjG2HUn-2FaM1e8uJUYjnODdnpEIVDSfozv1qPuukiH5H8s1-2FPdqIcFsdYzbuG-2Fpdjb8UxR3oe13_KsZvydBeoFFgQ1429-2FKFHeTyF0-2B0nKViNYla9SJ6ZPpsIYvyALAKJ6Pu16pZ-2FiqGBxAMd2p2dCDFqlXwx-2BpRlnk6OGbyg3LjIMddX1r-2FCjYyspC4QJFkESE5uyrkFUyTJ1tTKC8-2FrVPV7JmASRxOVU-2BxJXIjW7IYQ3uid6ttlwkhR8v8HmZ1k7PFO3XBm8rd-2Fz23kWM86Na8DyqWjdj42mJxw-2Fwm0PPCROhEDjRhWTA6kVShJ-2FQBx1STFqAzDOkEPUjKOgSk3SD6mgf7Ge5Vc0wuBOKbyYGcuk2KBzioOOsSIz8is4ZEfd45mdjTGChpJLiJMj2r5Fh1RsQM7MGcMu6Fm9PQJK2bspNAlVRv80X2EKdpPYs-2FeDTefalrbnQURyvLJp5XkVdhvLuLMYRPYzTyPCuP6urv-2BX0ZZLONTa7IOWsI0oML6MO1Xnh6gqiNvNa-2B7nK715kA5CRneQGZTPdF3onTTtMgmXn-2BQzv94-2FUvXm9A1n354OGPYd8n8Tq7OdPXMxpKSAyAfp3ovTS9MzQ3HIsfrdL3q1LrBHwm5D0RzDR0e4mTylJWUNpKD306x59tRDHfCb-2FH3R5lnnx9Jy0E8hwxsaQdf7iWTiRQx27NYjSpsI1Tu-2BQDBO9axBcg1aidTqBYCtdJiN0ifsyOj3-2Bqq6A-2B0x54vzX71yEE-2BS4cKu-2Br8f-2BviECj2pr2Be-2B-2BSrvgtySzxlgu-2F1-2BOVq6UXcNQkf1TjN-2FqOhtfXAq0impSzgpRIzN3I6JgZ1V95levhbBmb0cr1S0UnUnjVf4Qo0DcsuhJfaZ52yG0QaNJCJaln62QWCH75EY14xbg2d0sF2I-2FWGDV5BvSK64V0qaZIPjT47YT72-2BThNJKbTCAlkD32YjkcVQM3jVEXoUcJh-2BwWvXHkH1pM4lToibEjpF7fA-3D-3D

Analysis

max time kernel
608s
max time network
509s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u33148522.ct.sendgrid.net/ls/click?upn=smpeHFPxI-2F4o-2FVoa-2F4Oye-2FkIqs7D7zyYYoBtfNKdrBFs9uB6kjBSpvFooefkEicnKKLI67bfWNv2DgQPsiU73OiiXmAfGeo4oOxGPibk6GkQ-2BFpqwDWGG89Wm7-2FICRv8IssvldnXjcm2sdnSfBSofGsuXav8dN9jHpHG71QokFPz6XIVS-2B-2FqFTUuGZNMhVyY3uPcnVQJiAvtAj9l3QHFvVPhLYTs4VMB6uqQnhlOHdKZNDlcmonD-2FHlkSsbjG2HUn-2FaM1e8uJUYjnODdnpEIVDSfozv1qPuukiH5H8s1-2FPdqIcFsdYzbuG-2Fpdjb8UxR3oe13_KsZvydBeoFFgQ1429-2FKFHeTyF0-2B0nKViNYla9SJ6ZPpsIYvyALAKJ6Pu16pZ-2FiqGBxAMd2p2dCDFqlXwx-2BpRlnk6OGbyg3LjIMddX1r-2FCjYyspC4QJFkESE5uyrkFUyTJ1tTKC8-2FrVPV7JmASRxOVU-2BxJXIjW7IYQ3uid6ttlwkhR8v8HmZ1k7PFO3XBm8rd-2Fz23kWM86Na8DyqWjdj42mJxw-2Fwm0PPCROhEDjRhWTA6kVShJ-2FQBx1STFqAzDOkEPUjKOgSk3SD6mgf7Ge5Vc0wuBOKbyYGcuk2KBzioOOsSIz8is4ZEfd45mdjTGChpJLiJMj2r5Fh1RsQM7MGcMu6Fm9PQJK2bspNAlVRv80X2EKdpPYs-2FeDTefalrbnQURyvLJp5XkVdhvLuLMYRPYzTyPCuP6urv-2BX0ZZLONTa7IOWsI0oML6MO1Xnh6gqiNvNa-2B7nK715kA5CRneQGZTPdF3onTTtMgmXn-2BQzv94-2FUvXm9A1n354OGPYd8n8Tq7OdPXMxpKSAyAfp3ovTS9MzQ3HIsfrdL3q1LrBHwm5D0RzDR0e4mTylJWUNpKD306x59tRDHfCb-2FH3R5lnnx9Jy0E8hwxsaQdf7iWTiRQx27NYjSpsI1Tu-2BQDBO9axBcg1aidTqBYCtdJiN0ifsyOj3-2Bqq6A-2B0x54vzX71yEE-2BS4cKu-2Br8f-2BviECj2pr2Be-2B-2BSrvgtySzxlgu-2F1-2BOVq6UXcNQkf1TjN-2FqOhtfXAq0impSzgpRIzN3I6JgZ1V95levhbBmb0cr1S0UnUnjVf4Qo0DcsuhJfaZ52yG0QaNJCJaln62QWCH75EY14xbg2d0sF2I-2FWGDV5BvSK64V0qaZIPjT47YT72-2BThNJKbTCAlkD32YjkcVQM3jVEXoUcJh-2BwWvXHkH1pM4lToibEjpF7fA-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444257773961136"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 3124	4876	chrome.exe	86
PID 4876 wrote to memory of 3124	4876	chrome.exe	86
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 2536	4876	chrome.exe	91
PID 4876 wrote to memory of 4844	4876	chrome.exe	89
PID 4876 wrote to memory of 4844	4876	chrome.exe	89
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90
PID 4876 wrote to memory of 452	4876	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u33148522.ct.sendgrid.net/ls/click?upn=smpeHFPxI-2F4o-2FVoa-2F4Oye-2FkIqs7D7zyYYoBtfNKdrBFs9uB6kjBSpvFooefkEicnKKLI67bfWNv2DgQPsiU73OiiXmAfGeo4oOxGPibk6GkQ-2BFpqwDWGG89Wm7-2FICRv8IssvldnXjcm2sdnSfBSofGsuXav8dN9jHpHG71QokFPz6XIVS-2B-2FqFTUuGZNMhVyY3uPcnVQJiAvtAj9l3QHFvVPhLYTs4VMB6uqQnhlOHdKZNDlcmonD-2FHlkSsbjG2HUn-2FaM1e8uJUYjnODdnpEIVDSfozv1qPuukiH5H8s1-2FPdqIcFsdYzbuG-2Fpdjb8UxR3oe13_KsZvydBeoFFgQ1429-2FKFHeTyF0-2B0nKViNYla9SJ6ZPpsIYvyALAKJ6Pu16pZ-2FiqGBxAMd2p2dCDFqlXwx-2BpRlnk6OGbyg3LjIMddX1r-2FCjYyspC4QJFkESE5uyrkFUyTJ1tTKC8-2FrVPV7JmASRxOVU-2BxJXIjW7IYQ3uid6ttlwkhR8v8HmZ1k7PFO3XBm8rd-2Fz23kWM86Na8DyqWjdj42mJxw-2Fwm0PPCROhEDjRhWTA6kVShJ-2FQBx1STFqAzDOkEPUjKOgSk3SD6mgf7Ge5Vc0wuBOKbyYGcuk2KBzioOOsSIz8is4ZEfd45mdjTGChpJLiJMj2r5Fh1RsQM7MGcMu6Fm9PQJK2bspNAlVRv80X2EKdpPYs-2FeDTefalrbnQURyvLJp5XkVdhvLuLMYRPYzTyPCuP6urv-2BX0ZZLONTa7IOWsI0oML6MO1Xnh6gqiNvNa-2B7nK715kA5CRneQGZTPdF3onTTtMgmXn-2BQzv94-2FUvXm9A1n354OGPYd8n8Tq7OdPXMxpKSAyAfp3ovTS9MzQ3HIsfrdL3q1LrBHwm5D0RzDR0e4mTylJWUNpKD306x59tRDHfCb-2FH3R5lnnx9Jy0E8hwxsaQdf7iWTiRQx27NYjSpsI1Tu-2BQDBO9axBcg1aidTqBYCtdJiN0ifsyOj3-2Bqq6A-2B0x54vzX71yEE-2BS4cKu-2Br8f-2BviECj2pr2Be-2B-2BSrvgtySzxlgu-2F1-2BOVq6UXcNQkf1TjN-2FqOhtfXAq0impSzgpRIzN3I6JgZ1V95levhbBmb0cr1S0UnUnjVf4Qo0DcsuhJfaZ52yG0QaNJCJaln62QWCH75EY14xbg2d0sF2I-2FWGDV5BvSK64V0qaZIPjT47YT72-2BThNJKbTCAlkD32YjkcVQM3jVEXoUcJh-2BwWvXHkH1pM4lToibEjpF7fA-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f31c9758,0x7ff8f31c9768,0x7ff8f31c9778
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2836 --field-trial-handle=1916,i,16184530484653466888,12129482474017864393,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7529d19d86a60e1be27dccf02813b35b

SHA1
6623c1b74ff3b5786012b3d4265cd9c7e5933ee5

SHA256
2c968e272be18d6e8ea7399072dfb499e684486517d08e6780ca2ba96918c2f9

SHA512
5138eb33d8a9baa5ffafe0541ec0b24d46025f5371f775bed7efc1acd1aba2cc2111ddc840f14451d67b1769437f6d67114ff5b2b4a19585d7460b28aba52010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b47beb71c40407e565c3a1bd1a69552b

SHA1
990f1e1eba8c43c4fb97a2298f82b0d394c48e38

SHA256
1a33112c11553ff51e25a89f6cc4e54c9f9f8d3f4a9c3443a0cc3cd15644da1b

SHA512
e0a505b65508d9564bbd47a810748487136c42a8f96f8b964db5453ef650d2751dd3c53997df169ba60f8a9b740f4162bbe01014d460255019568a0ec5693508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
000b1e62748f4278131db29e7a12c614

SHA1
5c26e3b5e0b1a1bf392d22d5d7cae8e912625755

SHA256
2b519998fea9fc7bbb97db01a3ba3988b9bd0a1ccebf3a8e21fac652f421896a

SHA512
5653da34615342646059706e188468e1d89a061218e581cf4285793667503e8572391e0f9da30c11726c421313dc778915f139418667c2d443be48714f94176b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
459c82f810ef8f8554fff733bdd86803

SHA1
7c59fa8c1ea6ae03e5908002183379f8137b0022

SHA256
01146480cc1fb0d5396eac221c74dcd87b3a3497259c0acb3f7992a6b70f7349

SHA512
3d0b148d96b532fc07cc478564f328cfcb85d247523e55a4644281a6abdca208de22638d4309f76acdb3a94acbefe1e45f082d09afc413299f1291815c3cc9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit