hxxps://cdp1[.]tracking[.]e360[.]salesforce[.]com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9[.]eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3OTgwLCJtZXNzYWdlX2lkIjoiMGd5MGRqa3ExYmJzejNxNnFobjl3ZDIxIzQ4NzY3N2ZjLTU0MGYtNGRmZS1hOTNiLTBiZGZjYmI4MzFmMiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczOTgwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGdyZWdvcnkuc2VhbHNAaW52ZXNjby5jb20mcGF0aHM9YWJvdmUmbGluaz1GYXhfT3V0bG9vayIsImluZGl2aWR1YWxfaWQiOiIzZDhmZTI1NjFiOTZmZmZjZDc3MDJkYjM1N2FmZjUwOSJ9[.]q9SFpE633mGPeAJulG4sMByu7Mx7JiHP3pFwluMjGRU

Analysis

max time kernel
299s
max time network
244s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3OTgwLCJtZXNzYWdlX2lkIjoiMGd5MGRqa3ExYmJzejNxNnFobjl3ZDIxIzQ4NzY3N2ZjLTU0MGYtNGRmZS1hOTNiLTBiZGZjYmI4MzFmMiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczOTgwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGdyZWdvcnkuc2VhbHNAaW52ZXNjby5jb20mcGF0aHM9YWJvdmUmbGluaz1GYXhfT3V0bG9vayIsImluZGl2aWR1YWxfaWQiOiIzZDhmZTI1NjFiOTZmZmZjZDc3MDJkYjM1N2FmZjUwOSJ9.q9SFpE633mGPeAJulG4sMByu7Mx7JiHP3pFwluMjGRU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586183568950736"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1052	1736	chrome.exe	85
PID 1736 wrote to memory of 1052	1736	chrome.exe	85
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 3856	1736	chrome.exe	86
PID 1736 wrote to memory of 4652	1736	chrome.exe	87
PID 1736 wrote to memory of 4652	1736	chrome.exe	87
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88
PID 1736 wrote to memory of 468	1736	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3OTgwLCJtZXNzYWdlX2lkIjoiMGd5MGRqa3ExYmJzejNxNnFobjl3ZDIxIzQ4NzY3N2ZjLTU0MGYtNGRmZS1hOTNiLTBiZGZjYmI4MzFmMiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczOTgwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGdyZWdvcnkuc2VhbHNAaW52ZXNjby5jb20mcGF0aHM9YWJvdmUmbGluaz1GYXhfT3V0bG9vayIsImluZGl2aWR1YWxfaWQiOiIzZDhmZTI1NjFiOTZmZmZjZDc3MDJkYjM1N2FmZjUwOSJ9.q9SFpE633mGPeAJulG4sMByu7Mx7JiHP3pFwluMjGRU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff2972cc40,0x7fff2972cc4c,0x7fff2972cc58
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1236,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2116,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4996,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3328,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4888,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3300,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3428,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4824,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5052,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4868,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4724,i,17204874249866869643,6353550383126264842,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2784

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
538f3da32a9163fb24314ddbd2516ff0

SHA1
bc5df109a5f59b2046c5156d56839e407e0b19b8

SHA256
016b9884148fc704f2108770a76404aa222d58b32a6ff7ece93669ce197ce3df

SHA512
9da1c5c154a51eb0b17b6354660f8545982ecd8610c5d0bcc7880a6af40951c3e5f4bcbaa9d5437478f33a9cd85ce5aa00d44630bc07e0e02c6df307be34ae32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf5245ba144916e299ebc1570cd4dfdc

SHA1
813169668167e97c228a6fdf174ef7be6bfc8148

SHA256
ac8aad3b8ca24a60fafe8178a3fe618c8945fcec3bb15895a7287b2fc63c0f3c

SHA512
6a61b5e2d53edd0518d6c78aa23b3c4c677483c8e91e27908ec224d9b04ec8f6978b788400f96c5657ecf6278ad3e294150e85ebd58c5d4ee6be764f2ed45c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a0edf7bddabcfb1bccf89d050a43953

SHA1
7aa5eabd1fdb03604945f84f0a55a342ead9a30a

SHA256
f55f43ad7360ede9072d2cf76600275b69fa85cf58c623c0aebc1f05e1e48d68

SHA512
deb2131f2c6a0f9b7a0d9a16d8bedf00e808f6c0a6123e3bd6f66c30f34961873fdf37fa4eff53bbeebf4c80f741ece30fa44fa509873d704e695455950d8867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ceed8f635b84acc0748ed262a4e9fb3a

SHA1
d0db5b3aadf40337efde13b357d9d325feba9b0f

SHA256
248da4d1a4f0c5a5e35aa980bca39496e136e0a83fa0126b94d0c0aeaef2ef59

SHA512
ddaa587d452ba65bdf53b4543478c3317b1be282f58df3ab20b24653e52885fbdb11d9e3ba6d2cc6226bc3a80c61048bdcf171ba16b8311a0e2f5eafc73bb86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0c171fd3f78258e025bd396cfe769a4

SHA1
d0ae2e52b8c9fad8fff7ee84341e5ebb4cdee3f1

SHA256
4d189fe1b7f0c48e834e9a456ba8df3c7ea78e50eed811e0f7d8496151fbcfec

SHA512
eaffa3f4f7e4ad0cccf96028258a1e08d0a57224c98dac9398a1475e6ab73761975e38454c54bbf1644f36ba7ddddfbe875f7b48e7ab7dc313c5455ae023e987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
653c3beb511cc0bd18647c7fe34d21d4

SHA1
36a4ffc6dfbfabf84d4c3f2285536eddab5bea87

SHA256
aad517ce7734293f4e264263bc3665190d61be37ef2ab2784374a62c0b48e4e2

SHA512
5fd0a291f24cdf039033f73d0ad707cc0948508fd0ce797fe604ecc618da664782af0116b11721da758e1b2377900e6fb57f0c57e7cabf53246ec2bfad3dceaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3cf30777b6f530174192f9b089ea464

SHA1
5abec785a8b93431d06b5f4fd519cb87949630cd

SHA256
64495267a0a59de150ae8ca2081cadec7192fb6406559a2b39847c104780ba37

SHA512
b1e9d2df04e6ddb7138b5ebdf94cd119322c271487e27bc4a645accc9969f07cb3f4712d0fec6ae40a8f98adb8b700acf94efe71228209896ce47180a306c9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a58851b74647daf1430b0115fc67e20

SHA1
278740ca35a71f25223757c01fbeeae45c57555c

SHA256
d277c2eb83d8679c4efeb1c11fe08b463379df30513062251e170c914e3d439b

SHA512
c1daeae23a620760824ef6a5e05b7824a2835a10230699db7160378898c2ab66a396b1045fa4fad30e706ca05ceb78cf225f913f7c7f5ce0971b204ab125559b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f130c9939306b6c6c031b1964ab5d34

SHA1
7d806ff9699d82cde8b76d10f56a5f4c0eb0b273

SHA256
03f786a8092e7fdae2047b9b6476ee822732f02152fc588cc49cb785c86eaff2

SHA512
9360416098cb633757b7eeca060aa04d5296277c4cdd449ab11dfac21decd068bb1eea7ca26f2c061afe2e139eb89b3d3619658b496d1fdaace283a89d940647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
958faa0b7dc34dd3c7fac7325a8dafb0

SHA1
6ed345abd105cce58d1bb280ce4baa2e9279dc74

SHA256
a1752e98e4982d01acb380c02daf7ec38b670a5bba032e2bc209a5eaa5194dd8

SHA512
d551bed0300232f404c74806ba0e00b3cdfaa805a8dc04ba268ccd35a577d49c451372ed503e66b93880ed6de6d54d80182fbb6a9944912d9db18e0179b9ea3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
982e8eb6ccf4e92933edf73372ee598e

SHA1
fd1d046fb1a3da345dcf10d7f18084d2db0992a3

SHA256
0fb5d80ce74506b27bf745c6757d2591071d0f2a62b8e48901f1e948416b365e

SHA512
5a242cc54af9ff42f9cd92fe54c6f50cf0a9c65c348465194684d3e35146e09070c5cc01ff75768aa44e278cacbe74b3bd25b13cc4078ba6549618ce42cc4c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abccd5d5c4e013f2b25d03863b81f1ca

SHA1
49cffac4c91c425b15fb43c2142457a43dc8aa4e

SHA256
2df66c8fe887743d8e2a7a185c4d9f342c213d29f0113018dd2eac81377cef53

SHA512
f6ba96e631ad2b6b5589613ceb407eaddb388af2f235454bfdd6c269eac9683d7adb26e60ead05be1d5c8e07b1f877de62c0b5e78d26e734ccfb9f374a38d0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e393b5f0a730bdf224297884dffd616f

SHA1
b88a413e1b8168cde28c3bf43b8f044f2c4194d7

SHA256
577af61552bf5cd3a0af1594524b988059c10dd5b46b4f37077954decb390de0

SHA512
4137dc5e9cd1a720b5f7d2fab6fb6345f17df2e718c06859605a334debfa00a60f61a30f00439286e3a455261b4dd8c4e157ac35ed6a8fa4ae57ffc0da60157f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
884b37f0b2018bf710b3638278f1a356

SHA1
22342101e7fb6afbb4704a4c7ba71595b07dc00e

SHA256
bfd0e457be1569fec7ed712c66ff3246911c32e107e5c9d12d82e7bd8143efad

SHA512
fcc43208ac90f1f4e70d4ec9bc95dbaf068d2ab8c72dff0d7fed68000077f861c0877737528b26f6106fc54a6fc9ee56cae2608689a97b9192b5b03cfc789863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
666d682e2b7af7940dc3cef77592774c

SHA1
5a1ad8d586ee5d894794efab5a37db7bbbf89dfb

SHA256
4358e218092ae47be50642d8ffad39817079a02ecc6300d03efcf8c822f522ee

SHA512
2963fbb189444ba0093d90460dcb6d49bc2ac311f1da08ee3e477044031726935fd719ef362de59f5f08daee3073d34bdb02f1d9c3564125bb91dc77de587867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bb24e8da767a2a38a394db3620743d6

SHA1
ae206a6d42af596a7328858c636e20480c385126

SHA256
b1bfc9d990c871c3bc24763dfc8fd106d0843461d4229726deb1eb36a17bcc2c

SHA512
0bea3819de1b7aeed384e18714c8a09eeddb9524203acfb803149cebfeccae138d5943aa904d962d22b64190e07aaa1e5cb6938192f6674e1c41bb637e2f21e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54e4f7b676757653d2f0da9f6e22a6e3

SHA1
668294a1ad3a9cf3118242847fd0b623f676434a

SHA256
451446afed2996fbc92ead894d4bfcb7b0c92e6f0faa0f88a190e24a083d63d3

SHA512
b2c1642f280a0bbec2220350b7878e4e22b9b81dea9da0022fe33b379b3c91ae15169708037831f6f6c3e22e8b87f35f51d7f5becf8fbde97110a1eb48b7afd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d29fac6546e61ba241c320fb043e775e

SHA1
6cf7cfb133aecea926f8e50f31a7566a3a6e6546

SHA256
15e9ae05fa3005c4a60d7d385272c7be764f2c4b25788f82970c350ff53e4675

SHA512
982cb131f43794e4d5877eed0a5125099ba08dc2fb1530320f8d02de2bfc3f911b892940061228eb857616e740509fd7a1a7eda01c59084978f0d61bd0bfdf24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
2d410728bfaa30b083130d65bf714c31

SHA1
49c650bbe65cf4fb61979009a82b1180c41c434a

SHA256
c0e25c97111302648d0922aa26d4d62eb93f62b6cfc1cf2a3153d3792e27059f

SHA512
593aa1827e0987fa702d07e25954e1c51491d9c3fb47c21526a483d5d0a769b3a1c01cd309ae23523e0a9722993a525118f0d2cabfa0a091d28edff1fc6f228c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a233392d0b9385ae18136dce9c3212d5

SHA1
6ab327f1dc77b23230ba12faccf726121f2c675b

SHA256
4348b8809e51ae34c751ce1d5e1dfb425d154ca6132d8a7f0b9ae00be2997334

SHA512
d347077e0331ce2733917e7f5ee8c3b29435294aab31abb23594724686974c40ff622f4138325c131e88c837a44cefb508bcaf410208414a313efcd90ca7322f

Download Submit