hxxps://links[.]mindbodygreen[.]com/u/click?_t=ae6ef8698dae40fa9e8e68edd85d8d1b&_m=a15035a2cefe4d1f94cf963785c460b8&_e=BWK8Ok0PZ8qmKO452w2CM1g2NTHNRG0tPp41ECdnMe-83wnPBDX8S8N5WAV81B6d53deCbZldDm1UvzC6KMeqAh8NpC1-nbSPtXGatsLOzueiomWaUVYbKxtcpCBDVU822QO_uVp6ZTPUzqVUYBm4g2VJMch3fbb_fv0ByMipCoswcQjwYjFRub7qVB_0QPn5BU1gmBdKvrmpRniXLSnv8fV5ZGVb_Nf5Bl0ILzU7C2Fy0BhZN73ffCyBDCMbnJC2JjDcCYzsaB7eZYPrcgbCxYcCDf4lVxabHLqTYtTKaVTFp7pO-1bQPE8oYTgPFLJ

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://links.mindbodygreen.com/u/click?_t=ae6ef8698dae40fa9e8e68edd85d8d1b&_m=a15035a2cefe4d1f94cf963785c460b8&_e=BWK8Ok0PZ8qmKO452w2CM1g2NTHNRG0tPp41ECdnMe-83wnPBDX8S8N5WAV81B6d53deCbZldDm1UvzC6KMeqAh8NpC1-nbSPtXGatsLOzueiomWaUVYbKxtcpCBDVU822QO_uVp6ZTPUzqVUYBm4g2VJMch3fbb_fv0ByMipCoswcQjwYjFRub7qVB_0QPn5BU1gmBdKvrmpRniXLSnv8fV5ZGVb_Nf5Bl0ILzU7C2Fy0BhZN73ffCyBDCMbnJC2JjDcCYzsaB7eZYPrcgbCxYcCDf4lVxabHLqTYtTKaVTFp7pO-1bQPE8oYTgPFLJ

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661245215141579"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 1848	2648	chrome.exe	84
PID 2648 wrote to memory of 1848	2648	chrome.exe	84
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 3084	2648	chrome.exe	85
PID 2648 wrote to memory of 440	2648	chrome.exe	86
PID 2648 wrote to memory of 440	2648	chrome.exe	86
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87
PID 2648 wrote to memory of 4336	2648	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://links.mindbodygreen.com/u/click?_t=ae6ef8698dae40fa9e8e68edd85d8d1b&_m=a15035a2cefe4d1f94cf963785c460b8&_e=BWK8Ok0PZ8qmKO452w2CM1g2NTHNRG0tPp41ECdnMe-83wnPBDX8S8N5WAV81B6d53deCbZldDm1UvzC6KMeqAh8NpC1-nbSPtXGatsLOzueiomWaUVYbKxtcpCBDVU822QO_uVp6ZTPUzqVUYBm4g2VJMch3fbb_fv0ByMipCoswcQjwYjFRub7qVB_0QPn5BU1gmBdKvrmpRniXLSnv8fV5ZGVb_Nf5Bl0ILzU7C2Fy0BhZN73ffCyBDCMbnJC2JjDcCYzsaB7eZYPrcgbCxYcCDf4lVxabHLqTYtTKaVTFp7pO-1bQPE8oYTgPFLJ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4626cc40,0x7ffd4626cc4c,0x7ffd4626cc58
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5008,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4808,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3832,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5036,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5032,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5400,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5380,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5804,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3884,i,16455353665089466356,18066623117054571359,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3040

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b6076d3cb5e2f5a942bfad7c895247c2

SHA1
01e981a8742d2089a3caaadd9bf91e9b7fe34976

SHA256
1eacdac915265ac0aa4c06fc4e7a851fbdafe574a593e12e48c2e7d391932531

SHA512
c0a4132231300e8b0cc33639b7662a4a24923d0d0b227ceead7aeb8fd8c278be6805e973f59f6f6884d3d0313867aa1e25d581f3bf7f8cadfbdf8e6b315bcc80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2a414391ee2453722e53369c6d87615b

SHA1
60f65838362e90cfbd36c103c5d78c80a1d3b027

SHA256
d663aa117439d09de64381d57d2af886d01e3be1e4465198f80982c07efe67dc

SHA512
4f0de14bed3d6b242a086079e193a451b5b1b656f03dc25befc72d10061e67778c5fdd3880b42e2cd5d87dbe1ad55b64e4d916baf5c62f58d50f7a78481d4468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
41c5e2921b546c943ecc20a029a71aad

SHA1
233e5ec67d00bd2ba77001ff067a7addfcda67e1

SHA256
247a9882fb8f6007ec0e72d2583971e5a01d7d3c59223694febb0d2d37e7be1e

SHA512
de5e5c84346538eaf4a7f0ba7111291a995dde0f820a3f494d61a85a1390444b862e4c42572663afd7f02dbde509e33d51961c4662d76c4d878fe4c867fd0387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0b44d1ce9f1e58980c189f58ec8eec54

SHA1
3667fcd75fa8495dd5831cbef737e695a345a2bb

SHA256
ba29f5eb310e5e62a5ebe08ebbd7419758fdf332953048fff6a5ddc581787799

SHA512
34675d85442daece129c0fda3ae19a2493aee59575eb8ec5f211bd8a20426687b2897a8d184d6030701dd04e3177181e95e2ac81a2e9db4a141e8da450984b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
332c7e6f361e67b34a51ebe6c9efdbb5

SHA1
347a4769c7687944fb886406efaed91322243772

SHA256
2ad08528ee8283f40f239f2868e9ff2af85687b355e45a70c567fd731e01bb10

SHA512
c91bb2c524f896de55a180c7f02f3bddaac19f5dfef14ebb75cc3d0736d06f866d1d1faa6fba4f0d6fb66b9714e3c86014e9cb036cb787079d62174f299ec8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f251cf826ee03577dd224cf5ec6c1d11

SHA1
e8d26cab5512f62edc44ce268315ff026d15c0fb

SHA256
fcd2bc0bfcd5c7cecc76617c99105cbbd556f96aad00f1c53c080f179895514a

SHA512
2c4b15c21bdb2baf2ef248cb1d26a9c598da198f0a8136f34537cc0fa69cf7bbda9e52c4bdf0454db16c3252ac464e9f195b3c4a287a48840cdffb0fdd8e1948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e12072e9dfb1e0224aea17bee37f5cbd

SHA1
721465a814aff8b748422a96e9985ae87f26c65f

SHA256
c368fa2fc4ebae08b6081d244740dc5ef111856060a4c885bb2af49fbb5cbc56

SHA512
e67e4fb0879aa45d381af9451809b9280651e4bc822fe27a93e8edaafcf7f2f5753fe365f639fbf9f18db426f2841b1988ba3af96decf41bfc3358e3bb3845a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be16fe370f31b48df2821e1982fb1a83

SHA1
9c895e6e51861fcb2b175cc5e18ba07745a1a66b

SHA256
d34b3daaa44be85699223ee807b1882a61404d2337ebbf18a18c6d2cee75348f

SHA512
2860843782d2cb7140cec8c4f4f41f5ff97f299060fc28014448a656964631065bf5096ea571e48d79308370e6fd3689b2cb67163596f1f7baf4f5081391d5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2b1e52bdb89ef311e5c5d3c9d4bdca5

SHA1
437d22ad88a28ccf4078b5675040469ced37eb54

SHA256
4c38d90194b43c513ceed0ac1bf8b5900d63525845cc595bb75fe3037decedf3

SHA512
6323c47519695207fdac07310fc7cf1a44377a0545eda680de57888ca19e92766d8630a02674b8320bcc9814f56a0abbcdfb550c0b8d10e1ebd9c21f055e62b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a52f513dc5116173d2bb004403054f98

SHA1
27e29154c00785d02fbfb6077190a626f3679645

SHA256
7c4359e96579de55b0d4e2e452175590d1e0f86d2770a659c9044e68654674c0

SHA512
57c3e7be124ed89a5facd4213433d277e9f0765706ef0263aabb58b2137a522c6ccca267c89de2089721ec8fdc397e7c52432bf02e38555b62afd5131ebefbf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4be0d0388520f98c9da04a2e521e108

SHA1
afed61173c8ef9c0a775217a404f094a9f8d9272

SHA256
8987491825bc1d35c063dbae32f7629c54886236c7caad30076b287f9a077b4c

SHA512
77c46ddb5a5455ec927f73c131d919d6271fd37983ff1a664742c2c4d3bf6079098f65c50080b7cbc84071e589ef097e6df8012f14be1fd916e9bfc7aece039b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52ceb615be3e98eb43c916646e7d789b

SHA1
eebfdff58643f73499d0b626a4107e0df8a37dcf

SHA256
2407c3a6fbe99092baa9a674147b7327fb14316d09aee500f3cb6e9ccbe793de

SHA512
b335847bf4e57680e4c9dac3a3aaba872d675827f22ef9a60fab19b2608f911e19c3a5eaf3ffdfe8aae0d2fd31ef1474c03d3480eaacd09b62631ac9d8b8c137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
808930e4dc408a47a1da847a3a5e236e

SHA1
d95d1027b6d7e29b358e73b4f38c7fb17df125ae

SHA256
cfad025afb8bb5dea248046cf736671864d71486e482d48d0842b037d3e154ac

SHA512
f06a801759ac1142457d501c4e81eafb6b04a36022e363d1109965ffcf4e809e3a803f2e5c86c8a7c6fe957491a8e5b2bf3e94c4a7abf7b9fddafe88c65c54ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b50183211d716a41bcb013631b78f977aa0eaf8b\index.txt

Filesize
125B

MD5
e86a3aa0cde9764ae84cb1d35896d1df

SHA1
f427bf089677fe133accc2ce2e7df05fa56656d7

SHA256
d5efab3337600109dee88493835e75a1d2518dc7c5efb0908c3b3219de69f320

SHA512
05e671aba37822514c5a62276dfaaebbe4de214b154ebe2087430932e428f2802ee0c1e8fe28e6296f4b8834cbe12bcd64e17fc0b0b8993c868db0f920a10250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b50183211d716a41bcb013631b78f977aa0eaf8b\index.txt~RFe58414a.TMP

Filesize
132B

MD5
3aabd475611e0b90199eab68911ed2bf

SHA1
521eb9fd12548062582d613dd9e5521ddec3963e

SHA256
692e1906b948a2667a67edb45292c567808c4f84a0ea654c846017df78fc1ed9

SHA512
2b19f4e1f7814b7cfecc68ea793fde8c5c725e02f57a24a814d2d6ab480c634003241d74b4e78925268be3d1ffd2f5b6b9c182910a11fc5cc6c38ab0c6901544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
6fbb7cbaee66a707117193f7f60e8b2f

SHA1
badc266fe96205e810fe980a8f62c6433238fb37

SHA256
831f604cc8b956f8b4c80e71d8b5be2dfbe6addcd45b4885ed6a0a624df410ac

SHA512
601ab1e403bee757ff66465cfcde51f6467ba85b65b2171d988c37b0ec39dc7d2b80f37760b65d9d7037dbf29f0fefd2a1c0ae8eb3a69096ba0933b50db9d9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
fff2bf0e3fb94e1fa74ea9bdae64e2d6

SHA1
cc441bd4805b7f4800826204c77886c468124a62

SHA256
2ecf1b1426f6defccefc9b266c4c1c57967556d3cf2932960fcf6bc57fa682e7

SHA512
20fd64f4ba427ef7f140e19d928c687b8c2743513f35c0b22f5343a24faf6a0be54374abd7a14e8ef6379cc38fe3b83c86872130fb96cb73b764a863ec2a7c41

Download Submit