hxxps://trk[.]klclick3[.]com/ls/click?upn=u001[.]I9LhpOxgCcXrD8xJgdEO8f9-2B9-2FazeTzXaJdPDb6Xc-2F5EbUj6hiWWLpvR0Fzj7TAwGHWIwfygYjFH4MhgD5FzTB3l7kH-2FQ88EY31gtRYR2MDOEyev6kJldnfHU23nuZ19aDfN9Ssfm0LnWZvmPRtt2K3LqJL-2FbCcCN7QY-2FsSzg4qvSdCYf6N47Fsmo5YX7belYq09WcnCuRUNaONtNv5Dkw-3D-3D9yS9_RSmWOI3fPdFDxAydigDPQ0uJwuQ-2FUs3Wu1xZT2pFOHtvwUa8-2Ftks3ld44BID-2BJgD3ps4M8U7HlIP10yVJ6ZeFikt7TQzYYEqFItZQGpVffMT7dj6Pu8z1pAF8q8oWMnz-2F4CedrtZ7BK4o9vleQN71n4p3MtNRVjjAx5PadKSvCnZv05lX1JcMxl-2Ba5d8llWHi1Pv-2BL9BdLrDYSiceQFa-2BON-2FLGkCzqu9HlO-2BbLAY2PTBSsap9apBhFzkVvXWYBe-2BR0pMvTKSd9vOUaPNbHBQi7DM44r2A-2Bp9QgbdY1-2B4HjhalGjDaU5icWhVIbVg9C-2BMk2aS5c6GxGCFnapMUoT99M8pu-2B9pe4IFUp9hIayI2DtYjc1dt0pxA1jhrt7-2FOxUM3Ba5lZDWTzhVi-2BFhLIGuGGmbHcewxKg0fs-2BJ-2FGqLhfSciZ-2BvsI3wLdt-2BF-2FePwtc5NO-2Bd-2FoYyTuzVHknfYK7Al0Q-2FFpnsg-2ByhC1kCD4tncRqwL6RAdUqZC9q2aUWjYQrs#gfk85759FJ#LCIsvE-SUREJACKZXdhLmdpZXJjQHZvbHZvLmNvbQ==

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk.klclick3.com/ls/click?upn=u001.I9LhpOxgCcXrD8xJgdEO8f9-2B9-2FazeTzXaJdPDb6Xc-2F5EbUj6hiWWLpvR0Fzj7TAwGHWIwfygYjFH4MhgD5FzTB3l7kH-2FQ88EY31gtRYR2MDOEyev6kJldnfHU23nuZ19aDfN9Ssfm0LnWZvmPRtt2K3LqJL-2FbCcCN7QY-2FsSzg4qvSdCYf6N47Fsmo5YX7belYq09WcnCuRUNaONtNv5Dkw-3D-3D9yS9_RSmWOI3fPdFDxAydigDPQ0uJwuQ-2FUs3Wu1xZT2pFOHtvwUa8-2Ftks3ld44BID-2BJgD3ps4M8U7HlIP10yVJ6ZeFikt7TQzYYEqFItZQGpVffMT7dj6Pu8z1pAF8q8oWMnz-2F4CedrtZ7BK4o9vleQN71n4p3MtNRVjjAx5PadKSvCnZv05lX1JcMxl-2Ba5d8llWHi1Pv-2BL9BdLrDYSiceQFa-2BON-2FLGkCzqu9HlO-2BbLAY2PTBSsap9apBhFzkVvXWYBe-2BR0pMvTKSd9vOUaPNbHBQi7DM44r2A-2Bp9QgbdY1-2B4HjhalGjDaU5icWhVIbVg9C-2BMk2aS5c6GxGCFnapMUoT99M8pu-2B9pe4IFUp9hIayI2DtYjc1dt0pxA1jhrt7-2FOxUM3Ba5lZDWTzhVi-2BFhLIGuGGmbHcewxKg0fs-2BJ-2FGqLhfSciZ-2BvsI3wLdt-2BF-2FePwtc5NO-2Bd-2FoYyTuzVHknfYK7Al0Q-2FFpnsg-2ByhC1kCD4tncRqwL6RAdUqZC9q2aUWjYQrs#gfk85759FJ#LCIsvE-SUREJACKZXdhLmdpZXJjQHZvbHZvLmNvbQ==

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653087957931247"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe
Token: SeShutdownPrivilege	3248	chrome.exe
Token: SeCreatePagefilePrivilege	3248	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 3500	3248	chrome.exe	85
PID 3248 wrote to memory of 3500	3248	chrome.exe	85
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3632	3248	chrome.exe	86
PID 3248 wrote to memory of 3736	3248	chrome.exe	87
PID 3248 wrote to memory of 3736	3248	chrome.exe	87
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88
PID 3248 wrote to memory of 4852	3248	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.klclick3.com/ls/click?upn=u001.I9LhpOxgCcXrD8xJgdEO8f9-2B9-2FazeTzXaJdPDb6Xc-2F5EbUj6hiWWLpvR0Fzj7TAwGHWIwfygYjFH4MhgD5FzTB3l7kH-2FQ88EY31gtRYR2MDOEyev6kJldnfHU23nuZ19aDfN9Ssfm0LnWZvmPRtt2K3LqJL-2FbCcCN7QY-2FsSzg4qvSdCYf6N47Fsmo5YX7belYq09WcnCuRUNaONtNv5Dkw-3D-3D9yS9_RSmWOI3fPdFDxAydigDPQ0uJwuQ-2FUs3Wu1xZT2pFOHtvwUa8-2Ftks3ld44BID-2BJgD3ps4M8U7HlIP10yVJ6ZeFikt7TQzYYEqFItZQGpVffMT7dj6Pu8z1pAF8q8oWMnz-2F4CedrtZ7BK4o9vleQN71n4p3MtNRVjjAx5PadKSvCnZv05lX1JcMxl-2Ba5d8llWHi1Pv-2BL9BdLrDYSiceQFa-2BON-2FLGkCzqu9HlO-2BbLAY2PTBSsap9apBhFzkVvXWYBe-2BR0pMvTKSd9vOUaPNbHBQi7DM44r2A-2Bp9QgbdY1-2B4HjhalGjDaU5icWhVIbVg9C-2BMk2aS5c6GxGCFnapMUoT99M8pu-2B9pe4IFUp9hIayI2DtYjc1dt0pxA1jhrt7-2FOxUM3Ba5lZDWTzhVi-2BFhLIGuGGmbHcewxKg0fs-2BJ-2FGqLhfSciZ-2BvsI3wLdt-2BF-2FePwtc5NO-2Bd-2FoYyTuzVHknfYK7Al0Q-2FFpnsg-2ByhC1kCD4tncRqwL6RAdUqZC9q2aUWjYQrs#gfk85759FJ#LCIsvE-SUREJACKZXdhLmdpZXJjQHZvbHZvLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc54bdcc40,0x7ffc54bdcc4c,0x7ffc54bdcc58
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2092,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3636,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3844,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3312,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4688,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5276,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5112,i,9738796478677299355,10244632268261630753,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c541f0f6b007b407642138c361c8e9ea

SHA1
46df7ae5cd27b4436f12819c692ac0421ab61c9f

SHA256
a5b55dc26b52721d9e6f915e4651b8fc5b1f40ce2bf201cdca14a389f99f26fb

SHA512
f21b0dd3a0f261c3c99b49527b10854f6857e2ef44b4db97f3d8b3b921e4a31cc80f73e8dc815aad514f8244df7a9b4a09a7824a0822a0a2d2e454a898068c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
75ac60db8db1ba66f0d94dcd62f4925c

SHA1
9fefcbcf03b71a8cc9e6079469ce292ee3e38142

SHA256
8a5e4f47d4faefd36fb08afe05a502154993e48e90f22a3191fcfd541a5e34f7

SHA512
d85ba8b136f73d28a2fc18a906babaf294a6254402ba331e2fc963fea343428e9084c348913ee9f19a255ad7bab2def14d98a9df212e94c6d1a859c12fdb7873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f026f73aa77721b4142a387e76ab3bba

SHA1
e7280469bbc3e00d9d91b5cea8bc51f45feaee22

SHA256
62e676b9f8bf260b86cf4dc43dbb30e5e7714ed020f3f1d06358d74a6f434aa7

SHA512
b85133f94c3d8bd1eb6d03bd42782fc9462ed35caa9bac96f6a7a0bc853ad238c021cca21fa2dc59ad87686e3496fe3285d69fc73994a33bfe2f9433a24261d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
ef5d9ffe1c7d25ee98d8c143fba5cf37

SHA1
c416a8617f6b32da92d46664e9040ac2dd10438c

SHA256
3dd6ce3610fe0795f9758ab8a8b9ee95cf9e2c9234863eeb05ba11e36dafac8e

SHA512
6979a9ebf0d5f57e836ccd6bdcc46d23d5b126f2275c43d4b7e3328f443eeb221ec0c45191e2afa4e7c6877c159cabd29355d33c194b1cd69e10c4a89c181c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b2a3d8d1c04f8fb3e296a56168995e4

SHA1
94a29afc2bbab9d081a88a628544daff9181b09c

SHA256
75223b9a34dd6fbb877782bb946674f08a47d528ddfee7671b125355c0a8c894

SHA512
8270d4bfd519c6066b4d8982845bef6463058c544a8ffebd8eca5c4e513251c5f60c037ac5c865791b56c2447300dea13ad2b7978813dc75ef963a7d68998542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
755aac6cd93c890cc53cc4389bbce07c

SHA1
8b5d386c9001925ab6550a46c79d880523c2377a

SHA256
e5045938d5197c8f73d24f564395c4c90d68938d06db5c1f76fad3dbd5b96dc9

SHA512
61a6345ab7ffc1f036b406003645a997b09bcf56c116d0a5e36ab12ca5db1f7dd5bf92e171b444af69ff3b3272fdf596fbaf9ffee7c5291dc019c29db97303ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5df8d7107a5233fa7fd581aac202afa

SHA1
5841536712199b8cc0541975bfbc05b2ed3ab155

SHA256
848be18b8a913d136a9fbc9ecd5feb96af777e9006d6db50d70df429e5648852

SHA512
63d3cad3f4d1c2426423b2af4b0d207af06374527c8e58da48a2f5a4e3ac81d787c2b15aa00021ef001a327404ba0c6f30bbd752db1644719f3f6ab514781dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41802e56637b8b57613e4643a8537d1e

SHA1
de31281052b4ebf3ee5514b91d9aee58ea696c1b

SHA256
5df36095a3374a82b62dae9ca3e8c65522fdbc9845c8c939d64b575e2c318cc6

SHA512
dcb7fadd0a2f90d1c04b0005d044340c77eda773f62d777e8a389db3aa52d8ec289fa5c4e8d7d15f9132d054d2c03b6c95f37c749780663aa26c8f6dd1179fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26867c0696aed548bc7e15e8d5f4db3a

SHA1
007a3bb332b8c3b3e4781d3773f518ac8a7eed40

SHA256
6cb6f1a654609ee989c42fb92370ecce8206d0dee8a572861a02b982c89c3b37

SHA512
80d529c38980dfa922b4f9c6eff46f52e19e80b7da7064d356dc830ab9ae5782d6d0c1e1973e2bded16ed9209ef607a86354f205576bf20492574aa8d333cfa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e49c04a5403f8ab40acfd6509c00152

SHA1
2777b94a661a27d4d8853035cb2e666a916e4922

SHA256
d77491272ff62558251fb08577eb0a5e9bc86dee96c0fe386eefc84bd6cf9575

SHA512
ee4a336bbabb694bb1cfd86afc4709e553743cdf0f028c920137ee18f98002093d59d062e0f85d26726f26fdb79eacc35e360326e1855ab8c73442b34d7ecb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb13010fde4efbed0503e696c8a4e5ec

SHA1
554989fc2b307943c4b3d3cf77a2c24ed08c9458

SHA256
96f1a2fce0b7155bf4e90ad2c5ea6169371541f5a5fbd756142cfa3e8cccb1cd

SHA512
ada79bf4d3e12c417b05769880a24c17cd94e4c7df4817cadddce42bffa906f658a544b6576f12de1b4393f50420125d3477db995781dc598c8050e8de635dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94e17c56c322dc7b0db8a78fa33d5a1f

SHA1
69704b4116e6d9c61237a551e4d4ee6f57df0e18

SHA256
574c9273539baccff4d81198ae78d04b4546cd071927ca2bb5f84ff6c5d6c4a0

SHA512
aa2bc8b37fa2e4763b0f7002aecb276ae8495271d476b9ba1f76437fe1878355c120fd5de5d577a42dfbbebfe4952074d293cf1265b894d4968f0d37908f9862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b75acab6c83646bc1362531620be4f7

SHA1
242ea9df9a756eba60cbd09d251e8164a162a121

SHA256
a915a29a56661806ed76741125bd7fc6263974b8068698da10b3c2e831ff874c

SHA512
35b855beaef9325f664846c08bbcbe18f69a39ce633d6c1764a7d0464b532f8a5c86042820b33bc1ee7877387ca91467eebf4e9911bbb9cbbb5be092be019b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a481aef2f3a2112892d4e90da21a64da

SHA1
95a905d96e8f86391c69cdd64eac01f04a8fb998

SHA256
9d0f9d341345d71bf98ca43ff8e024ac5c1fe1d1d5bfda67aeb48b0e61adb576

SHA512
534c1ee876e9213a1bda1513645651882926120fa4ef8fb69e42143c1e10484bd1e835b21f5a026c7eabe1e1ba7e97ade5f886f0f5332363586f1bb23d05c135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
83705a3e37f3411244728a9d0c7f44b9

SHA1
2e50937f4f7ca8cac01a448b1ca47157ad6ec0ba

SHA256
283db0391449ca6087affd5c81fcd021b1c2439cafba921d2b2d984a60455d81

SHA512
18b2f8dacc84d5e47f32e32add1386aa10501b7f424a8b5b924aa6f89bcdd1339337a29dd542a5dee5b6ab03ed0e3f2965147a635d26e0823c030ef44904bc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
6a50d28481e4093a20f1525910f14ade

SHA1
71baa1234ca1b3995d403f124aa10a8b35850482

SHA256
19523310ee8585306aa9c12208d991883f6710967eda468cb24c1709f9fef670

SHA512
67dc970da4757a72e610ea39db69366eb9d9de7ef479120b2b1ed70ceb26196d9121c16c91e82e70f6c1db0fd2813ad4a83e51ed05f32d448c214a7615cd191f

Download Submit