hxxps://www[.]googleadservices[.]com/pagead/aclk?sa=L&ai=Cw68zK2BOZqrYD4nP9fgPucuSsAGHjYa4d72YkfnSEp7rgMX0QRABIIaPgAJg-bvvhOQvoAGmv6m6A8gBBqgDAaoEiwJP0G_uXKdsfvuf6FAG9CF9XpR0LejCNMkqqvv1UEIJszt-CNGLqELW5UPD3z51ZF79v8YKLkpxPAmL6PA-conCYeKn0ggy8ync9_WxcjW_3a_HPKy6N8t7bbYqDGXC9dPslza80VfTOhig1f9ewiycwVFGY0myuKhNV-4G0X5Z_M-eoBx_3rsUepO8vyNN7FfJF4qlEtlqJPoINqSeM-MRn3nmkH9ffDrYnieGwCFd_U3SSRKukLzjWKB6YDVZq3dFc8WWSzL8WENV86QnhjVlEgKX2JfwJAgNRohdSoPR69BopgRcxlRp36Al6T-2yhPS-FeHP9hka8QZoGxDEckAzYGfVy8Omo6lqJ7ABP6z4YTiBIgFnMDMzU6QBgGgBjeAB-nd0ZYFiAcBkAcCqAezmLECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-DgG6gH7paxAqgH_p6xAqgHnbmxAqgHr76xAqgHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAfgvbECqAf_nrECqAffn7ECqAe2rbECqAfKqbECqAemv7ECqAfrpbECqAfqsbECqAeZtbECqAe-t7ECqAf4wrECqAf7wrEC2AcAqAgB0ggmCAAQAhhCMgEAOg2_8YCAgIAEgMCAgIAgSLfmvyFY8fKv15aihgOxCeYSe-S4nLDWgAoTmAsByAsF0AstgAwB2gwRCgsQ4Lrz6J-kuPrHARICAQPoDAmaDQEtqg0CTUHIDQHYEwuoFQHQFQHYFQH4FgGAFwGyGAkSAotUGDciAQHoGAE&ae=1&ase=2&gclid=CjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE&cit=CkUKCQjwr7ayBhDyARI0AL3oCdEMyO4fpijyxopk-ny5DzclR4B_GenNI-CMZb5kn_RKNbTGfAhjPV_ztitqLFiAeBoC1Snw_wcB&num=1&cid=CAQSIgDaQooLAAKTAZp8kD4kn0D_4iXNo6G3DBxWjzIVnepMDF0YAQ&sig=AOD64_0NMPSPkz_nBTsy6TNcMMaLl1LjCQ&client=ca-gmail&label=gmail_message_ad_external_click_v2&adurl=https%3A%2F%2Fwww[.]coursera[.]org%2Fcareer-academy%3Futm_medium%3Dsem%26utm_source%3Dgg%26utm_campaign%3Db2c_emea_coursera_ftcof_career-academy_arte_march_24_dr_geo-multi-set3_pmax_gads_lg-all%26campaignid%3D21103949440%26adgroupid%3D%26device%3Dc%26keyword%3D%26matchtype%3D%26network%3Dx%26devicemodel%3D%26adposition%3D%26creativeid%3D%26hide_mobile_promo%26gclid%3DCjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE

Analysis

max time kernel
210s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:25

Sharing

Behavioral task

behavioral1

Sample

https://www.googleadservices.com/pagead/aclk?sa=L&ai=Cw68zK2BOZqrYD4nP9fgPucuSsAGHjYa4d72YkfnSEp7rgMX0QRABIIaPgAJg-bvvhOQvoAGmv6m6A8gBBqgDAaoEiwJP0G_uXKdsfvuf6FAG9CF9XpR0LejCNMkqqvv1UEIJszt-CNGLqELW5UPD3z51ZF79v8YKLkpxPAmL6PA-conCYeKn0ggy8ync9_WxcjW_3a_HPKy6N8t7bbYqDGXC9dPslza80VfTOhig1f9ewiycwVFGY0myuKhNV-4G0X5Z_M-eoBx_3rsUepO8vyNN7FfJF4qlEtlqJPoINqSeM-MRn3nmkH9ffDrYnieGwCFd_U3SSRKukLzjWKB6YDVZq3dFc8WWSzL8WENV86QnhjVlEgKX2JfwJAgNRohdSoPR69BopgRcxlRp36Al6T-2yhPS-FeHP9hka8QZoGxDEckAzYGfVy8Omo6lqJ7ABP6z4YTiBIgFnMDMzU6QBgGgBjeAB-nd0ZYFiAcBkAcCqAezmLECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-DgG6gH7paxAqgH_p6xAqgHnbmxAqgHr76xAqgHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAfgvbECqAf_nrECqAffn7ECqAe2rbECqAfKqbECqAemv7ECqAfrpbECqAfqsbECqAeZtbECqAe-t7ECqAf4wrECqAf7wrEC2AcAqAgB0ggmCAAQAhhCMgEAOg2_8YCAgIAEgMCAgIAgSLfmvyFY8fKv15aihgOxCeYSe-S4nLDWgAoTmAsByAsF0AstgAwB2gwRCgsQ4Lrz6J-kuPrHARICAQPoDAmaDQEtqg0CTUHIDQHYEwuoFQHQFQHYFQH4FgGAFwGyGAkSAotUGDciAQHoGAE&ae=1&ase=2&gclid=CjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE&cit=CkUKCQjwr7ayBhDyARI0AL3oCdEMyO4fpijyxopk-ny5DzclR4B_GenNI-CMZb5kn_RKNbTGfAhjPV_ztitqLFiAeBoC1Snw_wcB&num=1&cid=CAQSIgDaQooLAAKTAZp8kD4kn0D_4iXNo6G3DBxWjzIVnepMDF0YAQ&sig=AOD64_0NMPSPkz_nBTsy6TNcMMaLl1LjCQ&client=ca-gmail&label=gmail_message_ad_external_click_v2&adurl=https%3A%2F%2Fwww.coursera.org%2Fcareer-academy%3Futm_medium%3Dsem%26utm_source%3Dgg%26utm_campaign%3Db2c_emea_coursera_ftcof_career-academy_arte_march_24_dr_geo-multi-set3_pmax_gads_lg-all%26campaignid%3D21103949440%26adgroupid%3D%26device%3Dc%26keyword%3D%26matchtype%3D%26network%3Dx%26devicemodel%3D%26adposition%3D%26creativeid%3D%26hide_mobile_promo%26gclid%3DCjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE

Resource

win10v2004-20240426-en

windows10-2004-x64

8 signatures

150 seconds

Report Analysis Logs

General

Target

https://www.googleadservices.com/pagead/aclk?sa=L&ai=Cw68zK2BOZqrYD4nP9fgPucuSsAGHjYa4d72YkfnSEp7rgMX0QRABIIaPgAJg-bvvhOQvoAGmv6m6A8gBBqgDAaoEiwJP0G_uXKdsfvuf6FAG9CF9XpR0LejCNMkqqvv1UEIJszt-CNGLqELW5UPD3z51ZF79v8YKLkpxPAmL6PA-conCYeKn0ggy8ync9_WxcjW_3a_HPKy6N8t7bbYqDGXC9dPslza80VfTOhig1f9ewiycwVFGY0myuKhNV-4G0X5Z_M-eoBx_3rsUepO8vyNN7FfJF4qlEtlqJPoINqSeM-MRn3nmkH9ffDrYnieGwCFd_U3SSRKukLzjWKB6YDVZq3dFc8WWSzL8WENV86QnhjVlEgKX2JfwJAgNRohdSoPR69BopgRcxlRp36Al6T-2yhPS-FeHP9hka8QZoGxDEckAzYGfVy8Omo6lqJ7ABP6z4YTiBIgFnMDMzU6QBgGgBjeAB-nd0ZYFiAcBkAcCqAezmLECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-DgG6gH7paxAqgH_p6xAqgHnbmxAqgHr76xAqgHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAfgvbECqAf_nrECqAffn7ECqAe2rbECqAfKqbECqAemv7ECqAfrpbECqAfqsbECqAeZtbECqAe-t7ECqAf4wrECqAf7wrEC2AcAqAgB0ggmCAAQAhhCMgEAOg2_8YCAgIAEgMCAgIAgSLfmvyFY8fKv15aihgOxCeYSe-S4nLDWgAoTmAsByAsF0AstgAwB2gwRCgsQ4Lrz6J-kuPrHARICAQPoDAmaDQEtqg0CTUHIDQHYEwuoFQHQFQHYFQH4FgGAFwGyGAkSAotUGDciAQHoGAE&ae=1&ase=2&gclid=CjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE&cit=CkUKCQjwr7ayBhDyARI0AL3oCdEMyO4fpijyxopk-ny5DzclR4B_GenNI-CMZb5kn_RKNbTGfAhjPV_ztitqLFiAeBoC1Snw_wcB&num=1&cid=CAQSIgDaQooLAAKTAZp8kD4kn0D_4iXNo6G3DBxWjzIVnepMDF0YAQ&sig=AOD64_0NMPSPkz_nBTsy6TNcMMaLl1LjCQ&client=ca-gmail&label=gmail_message_ad_external_click_v2&adurl=https%3A%2F%2Fwww.coursera.org%2Fcareer-academy%3Futm_medium%3Dsem%26utm_source%3Dgg%26utm_campaign%3Db2c_emea_coursera_ftcof_career-academy_arte_march_24_dr_geo-multi-set3_pmax_gads_lg-all%26campaignid%3D21103949440%26adgroupid%3D%26device%3Dc%26keyword%3D%26matchtype%3D%26network%3Dx%26devicemodel%3D%26adposition%3D%26creativeid%3D%26hide_mobile_promo%26gclid%3DCjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608867641689181"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2532 chrome.exe
2532 chrome.exe
1848 chrome.exe
1848 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2532 chrome.exe
2532 chrome.exe
2532 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2532 wrote to memory of 3592	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 3592	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1716	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 3544	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 3544	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2564	2532	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.googleadservices.com/pagead/aclk?sa=L&ai=Cw68zK2BOZqrYD4nP9fgPucuSsAGHjYa4d72YkfnSEp7rgMX0QRABIIaPgAJg-bvvhOQvoAGmv6m6A8gBBqgDAaoEiwJP0G_uXKdsfvuf6FAG9CF9XpR0LejCNMkqqvv1UEIJszt-CNGLqELW5UPD3z51ZF79v8YKLkpxPAmL6PA-conCYeKn0ggy8ync9_WxcjW_3a_HPKy6N8t7bbYqDGXC9dPslza80VfTOhig1f9ewiycwVFGY0myuKhNV-4G0X5Z_M-eoBx_3rsUepO8vyNN7FfJF4qlEtlqJPoINqSeM-MRn3nmkH9ffDrYnieGwCFd_U3SSRKukLzjWKB6YDVZq3dFc8WWSzL8WENV86QnhjVlEgKX2JfwJAgNRohdSoPR69BopgRcxlRp36Al6T-2yhPS-FeHP9hka8QZoGxDEckAzYGfVy8Omo6lqJ7ABP6z4YTiBIgFnMDMzU6QBgGgBjeAB-nd0ZYFiAcBkAcCqAezmLECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-DgG6gH7paxAqgH_p6xAqgHnbmxAqgHr76xAqgHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAfgvbECqAf_nrECqAffn7ECqAe2rbECqAfKqbECqAemv7ECqAfrpbECqAfqsbECqAeZtbECqAe-t7ECqAf4wrECqAf7wrEC2AcAqAgB0ggmCAAQAhhCMgEAOg2_8YCAgIAEgMCAgIAgSLfmvyFY8fKv15aihgOxCeYSe-S4nLDWgAoTmAsByAsF0AstgAwB2gwRCgsQ4Lrz6J-kuPrHARICAQPoDAmaDQEtqg0CTUHIDQHYEwuoFQHQFQHYFQH4FgGAFwGyGAkSAotUGDciAQHoGAE&ae=1&ase=2&gclid=CjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE&cit=CkUKCQjwr7ayBhDyARI0AL3oCdEMyO4fpijyxopk-ny5DzclR4B_GenNI-CMZb5kn_RKNbTGfAhjPV_ztitqLFiAeBoC1Snw_wcB&num=1&cid=CAQSIgDaQooLAAKTAZp8kD4kn0D_4iXNo6G3DBxWjzIVnepMDF0YAQ&sig=AOD64_0NMPSPkz_nBTsy6TNcMMaLl1LjCQ&client=ca-gmail&label=gmail_message_ad_external_click_v2&adurl=https%3A%2F%2Fwww.coursera.org%2Fcareer-academy%3Futm_medium%3Dsem%26utm_source%3Dgg%26utm_campaign%3Db2c_emea_coursera_ftcof_career-academy_arte_march_24_dr_geo-multi-set3_pmax_gads_lg-all%26campaignid%3D21103949440%26adgroupid%3D%26device%3Dc%26keyword%3D%26matchtype%3D%26network%3Dx%26devicemodel%3D%26adposition%3D%26creativeid%3D%26hide_mobile_promo%26gclid%3DCjwKCAjwr7ayBhAPEiwA6EIGxG4VvIAv6EDQj-a8i-Jpq0WNhtUKs17bXaGTyOUNldJvW-4dl4dL_RoCcKUQAvD_BwE
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e05ab58,0x7ffb2e05ab68,0x7ffb2e05ab78
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2440 --field-trial-handle=1796,i,17465213036978996832,12556841933142321922,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
749297546dda659d32aed3a922c314e7

SHA1
eefd4dabef9297be8e19be1de9075ede71d4c9fb

SHA256
e9244e76de30e78c9495b5660c0527f7df9cf7ef68002895a4a06caf89b07a9e

SHA512
4ea1d7c0e60ce760b30c7e25568f09fc8a973e83245e524b5e141be0800838d6a89ae9244059ccc5ab36b4e37557bcb83feb1fce0db9e6ba7ae1f901e7696203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
165c49207ccc2c3b0cf63400698b0ba6

SHA1
adc297a45217a5451e8c446293a51b80b469c9b0

SHA256
f9c2c6250228b5b4efd6b4aa52b29d283150024d8926d67297c8a95fccc26ee7

SHA512
6a29a02f3efa56580de7732da2403abc27928f1b2a45b4cec829a233c4112d006c71cfcba248258c7d0814572980fb47549f74d05bf6841ea5c6763c637b1230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e6853d00c479b1fb8045abfe8c371e3b

SHA1
99187d4fb7e4d2918c7ee8a136e2aa7d9113b1fa

SHA256
8483efdbb27a5885b54b54aea6d1350915e5a845519cea693d93bc106097fca5

SHA512
c7973e56c1752c15cc1b89692c94a309df840116e5a87d31d8e82039b5687634a820770da7bf6acb20d617b62ce0c74a9cab3dd56b5a9b4307cfaf68c0543c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d5aec8a80a8488f1b26dfaa928f3b5b

SHA1
ec0263ac3e836ebfb7ae508590f547b178e33713

SHA256
61e2a1474a8d370dbbb78a7e92e11312cb840e9dccecabd739eb2295623e9f45

SHA512
3279b4124740167431f3cf5caa6c59ea607f18c30e9b56cf1bd5aef87711b3c0045367b3b072078bf4d08a74771e50fdfdca148501de09c58f67df687b48efc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f503da12334753e2a07a3fc5285a22c5

SHA1
22710d604d446ca766222c6bded389948b6e0992

SHA256
a3bc245a72cbec80328da56f00a7d1310874d3ee89ac0f357098e983baa37857

SHA512
2cfd2c628917af7a77ca891f5a64b574808176cbe9a3bfb8c7bb52a680e07cf2782b92a37667414529b36b2cf843424a73af8d5f6efbb417d4695c33f864be26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
548fd7aa3c3141590fcb75245520625a

SHA1
c9d2cb303e4aa6b82358830636be2ff246a62827

SHA256
665523f9f625b92283495daf305d729c66ceaf5d460a9e7e134152ce24be4d60

SHA512
48acf775a968222df447e328a48c02741c545749ba5f23097b089b27b62cd5d89d058a1485ec5c5b3578ce42523136544f65896a76c9181e2931fad90acf4426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f039cf8f5804b68b29de6fbc1de3e0db

SHA1
a21788f2e590183bab9b4824586365560623ede9

SHA256
0dc626a860ff87b2b53014fdc625cc33060febcb4f4f1eed5bfff6cc5bee90ca

SHA512
291e629bd2d05d7990a4c46a9164b390dc342cb41f5cd62d725269cfa4f816bce7d3aeab28eae965ad791596ef2bb363516954046b885095011f1a0acbd2c0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d8c26d928af3c663742ee758779d927e

SHA1
a8b7487a7e194cf2a58f661eacd50a71edc28405

SHA256
8fa1f3ce27526f7329762ec13a7a10dad1c2dc5e00912ea6a0e5eff8196a9d97

SHA512
c19b78afa7b4e2174afaf3e7da4b2201790e33d45f81e4e8f1b73dbbeb92b4f7af585321c5d571a99987a166004848b963b100f74f7636eecd71d41675129fa1

Download Submit
\??\pipe\crashpad_2532_RWJECIFTWVPBHAOI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit