hxxps://trk[.]klclick2[.]com/ls/click?upn=u001[.]gkGGhpR98fDJvG3K6f6zW-2FHt4-2F5AYyHYYw95-2FlCibKeUGNKKbC-2B80LdG-2FSVwHrGb94fvW86vxfmkGk9tIhXC7TSxGSO2eTSeRh-2Byak8RgARExxPuLMcqypnLE3P3mrUG9Hjb8GGmrk8HY9XAFDW9doiClHkVSWcz006NpKZMZoQUrsOLsQmMW5MnxK6SzDk8-2FzcARMOHDTzg1Nnt64cv-2FA-3D-3DxkvG_IU7x2mKiTXwLCU0VW83CnzUuH8V-2Fra77h3094IsK0vw2r1aC6berG4tJfVJLRmLRzAkscxmHRYjr3CKtna6GEI45Zfrw-2BfaIONLjbUumi3v5e4SaiOodozQF5eQjIX5FFTPzg6uxoqJiMSfCcYVhGftmBOK8d8ThRx2PzezRCMDqqlcqPFciXbAEe6v1uAksd3ZSMXDXcXVOe5hJ5G7smFcfq20fV5siNueLeOyhzod36y6wSR-2Fq4Xv6TH5YWN5wP90uUUntaJmFfFXqwVn28ry88mgPs-2BggvpDuiU78ulvujzy6fDdR6Uh9ibz1DSIjqlYwOR-2BYnX5vN7Y77AKUnMzbztG66-2BJA9CU4cQsnF2gIE7a83TlOUCURAFfE22kjS98u-2FyZ9dCN5JLv3N2qXI5kTFCn3d9IXoukYauFp31-2FJsN3wwKvFdxFm-2B7rfAYV-2FYHxZsq-2F39YuX3Jn57Jwsw2KfPJhxhx93n9RxTpUISRmS6jUSzgTLkpwAAAiIeTio

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk.klclick2.com/ls/click?upn=u001.gkGGhpR98fDJvG3K6f6zW-2FHt4-2F5AYyHYYw95-2FlCibKeUGNKKbC-2B80LdG-2FSVwHrGb94fvW86vxfmkGk9tIhXC7TSxGSO2eTSeRh-2Byak8RgARExxPuLMcqypnLE3P3mrUG9Hjb8GGmrk8HY9XAFDW9doiClHkVSWcz006NpKZMZoQUrsOLsQmMW5MnxK6SzDk8-2FzcARMOHDTzg1Nnt64cv-2FA-3D-3DxkvG_IU7x2mKiTXwLCU0VW83CnzUuH8V-2Fra77h3094IsK0vw2r1aC6berG4tJfVJLRmLRzAkscxmHRYjr3CKtna6GEI45Zfrw-2BfaIONLjbUumi3v5e4SaiOodozQF5eQjIX5FFTPzg6uxoqJiMSfCcYVhGftmBOK8d8ThRx2PzezRCMDqqlcqPFciXbAEe6v1uAksd3ZSMXDXcXVOe5hJ5G7smFcfq20fV5siNueLeOyhzod36y6wSR-2Fq4Xv6TH5YWN5wP90uUUntaJmFfFXqwVn28ry88mgPs-2BggvpDuiU78ulvujzy6fDdR6Uh9ibz1DSIjqlYwOR-2BYnX5vN7Y77AKUnMzbztG66-2BJA9CU4cQsnF2gIE7a83TlOUCURAFfE22kjS98u-2FyZ9dCN5JLv3N2qXI5kTFCn3d9IXoukYauFp31-2FJsN3wwKvFdxFm-2B7rfAYV-2FYHxZsq-2F39YuX3Jn57Jwsw2KfPJhxhx93n9RxTpUISRmS6jUSzgTLkpwAAAiIeTio

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662364500940469"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 1276	3836	chrome.exe	84
PID 3836 wrote to memory of 1276	3836	chrome.exe	84
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 4524	3836	chrome.exe	85
PID 3836 wrote to memory of 872	3836	chrome.exe	86
PID 3836 wrote to memory of 872	3836	chrome.exe	86
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87
PID 3836 wrote to memory of 3536	3836	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.klclick2.com/ls/click?upn=u001.gkGGhpR98fDJvG3K6f6zW-2FHt4-2F5AYyHYYw95-2FlCibKeUGNKKbC-2B80LdG-2FSVwHrGb94fvW86vxfmkGk9tIhXC7TSxGSO2eTSeRh-2Byak8RgARExxPuLMcqypnLE3P3mrUG9Hjb8GGmrk8HY9XAFDW9doiClHkVSWcz006NpKZMZoQUrsOLsQmMW5MnxK6SzDk8-2FzcARMOHDTzg1Nnt64cv-2FA-3D-3DxkvG_IU7x2mKiTXwLCU0VW83CnzUuH8V-2Fra77h3094IsK0vw2r1aC6berG4tJfVJLRmLRzAkscxmHRYjr3CKtna6GEI45Zfrw-2BfaIONLjbUumi3v5e4SaiOodozQF5eQjIX5FFTPzg6uxoqJiMSfCcYVhGftmBOK8d8ThRx2PzezRCMDqqlcqPFciXbAEe6v1uAksd3ZSMXDXcXVOe5hJ5G7smFcfq20fV5siNueLeOyhzod36y6wSR-2Fq4Xv6TH5YWN5wP90uUUntaJmFfFXqwVn28ry88mgPs-2BggvpDuiU78ulvujzy6fDdR6Uh9ibz1DSIjqlYwOR-2BYnX5vN7Y77AKUnMzbztG66-2BJA9CU4cQsnF2gIE7a83TlOUCURAFfE22kjS98u-2FyZ9dCN5JLv3N2qXI5kTFCn3d9IXoukYauFp31-2FJsN3wwKvFdxFm-2B7rfAYV-2FYHxZsq-2F39YuX3Jn57Jwsw2KfPJhxhx93n9RxTpUISRmS6jUSzgTLkpwAAAiIeTio
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffef3b3cc40,0x7ffef3b3cc4c,0x7ffef3b3cc58
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3780,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3408,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3276,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3380,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=208,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3128,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4692,i,12436638883922068456,15101781796110959099,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1088

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7ceda2d0250b031e7191ee159503f814

SHA1
cab1b00e42a8791ff17213fdf429bda6f4b42b46

SHA256
d36855cdee8e98b4bef924f201fdfeadb827080bd31619b3daabea8af8343ccb

SHA512
97834b8dcd365e78b240a52a8b50f149995470899b126736f94e679290141b0ea4a7e75ba920b9f393c1990c6b01ab2b6f6bff2579345320b79089325d1a9e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b80c29e06e26b9f81a1db6819493a1bd

SHA1
01a0ba044ca63ea1657e0d855ae88076c0db24d0

SHA256
45abd4ae43ebe9842f4fc97aff71cec15ad763efe861f3820a5ce8f8586793af

SHA512
001f1260edcc543eb8096e57c09f3a810857ff0b7141c6aac753be8c61337c112425aba2c8617d07ecf7bec460798bbbcbfceee23b706cd847d393efd8945d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2d365951571799208ed0b2ac1ee1de8

SHA1
a038cedca21c75f06054cdf0e852b9e17beb8bf8

SHA256
912727f4916da44648f5a402d1753e8ae7c34e81b5718d54fadbe7c9fd42c853

SHA512
253777d667e041f3156e26807a006b5243742d60765b346cb70340ee8d741e67f1e384da5ffd22d9f01b3d800ca3623bf74f75843a4da03f23ae4e224c039024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
636a8a37d474753ea2b0cb74fb9265f2

SHA1
2093b4e38b5a4054a2a58123161ddd81035473ed

SHA256
105de1c430d398a572e1144e232e8224c744012dea483a1047c16b800f16f19b

SHA512
1d5d2aaa6ab7033c280ff064435878e078c1a0aaa555c1baa939fdfbccd73be3378ec57258ec51e601a30b627b50f38b3b950cb95216be1a12d3ddc31a154ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cd8f35079385bf5ec24997205263246

SHA1
991ab53a170b4524144900d2ca7067d9828b1127

SHA256
9ae313ea465d128dc4f16ef7090653fa8166592982faa110f987e5683826720d

SHA512
75d98a8afdbdc3215dda7d3c534378ee9df13136f1792f77b5dd4996a9bb8043242efc7cb943b2a35dbdf1064da1a344efaa20a12cee74366a93a2ad5459c344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f214efceb1a180b00d523b860a128c4b

SHA1
3ff8e7153585381fbc367f379dc6fa7e993253b8

SHA256
11cd50059b6749b1a4d6f131993fe31896b78f49505f6c1330e02abf6da5cf35

SHA512
10667ee0fdfa13b06b9eb7a8a3ca34c1fa77b3ad48c776c0aa1807c6ef09aebde4af7d1f451cc966625d80c45e08548b6b51ce520b6bcde56e783e5e58298570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c34a7f8e1b3bb0d3ad302ade91d24ee

SHA1
839640a2c77b3d14454eabf3992f3cba4fe7d634

SHA256
8653075492e2c71063bf97535f3d39a9be812e2179cfac25393935b33ca724e8

SHA512
32d7a497355f73274026d2d81b980a92461a80b0fab29cd2f8598a40ee2aef63a49eed0ea9787ec0867f1056fad47229b2ecf3e6cd7f8c80ec5791ffd8e88ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c7ad62aafe3d5cd24859f84b0601e28

SHA1
5cf81c167ca45f03b1a481b550444e118480825f

SHA256
4f3e0c16aff07a80f085236171a3e6d736bce4df77e109a15923b44740bdaa6d

SHA512
b2df9f5c027428a6a216bdd5c020145286371a88f1945386bb86c7c532a13df8773dbabdf0f0fbf3339c0ff118296ab8c22c9c86f3c42835e042404e9a391a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fad271dedfb064be0574e1c570288fd

SHA1
c8141335838871487804317043ea720fbc0aacad

SHA256
1e52d09573f572049b403734e8021a79242ba5e0c07ede0ed2ebe9926091a013

SHA512
6da6d18521e997f5f864f195348571f883173c4c758e281feef9a19f783d9b1dce0053e6307ffe3c477c28670fbf02a612a7fee2e2a54e2e9bd44452afa361a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
e2e942a6287ec41ef8f2ff513d059886

SHA1
eaf11d313e770ea6117d3b0fb7ba44a6f121e587

SHA256
d259de4b9525580b23cdf7de7ab1bf3383654a77eec10a9710084fbcf3f8758c

SHA512
f938359defcb9cc0b6e090b24cec32e48fc3c6ee04b4532f52098b5ebb50fa41300a7947609f21981544e5e814afc7abf426edda1a1046e7244fc32c87d3343f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
f1236d91dc69db54bdcd6b113db6a293

SHA1
92d3099cdf40d47625fca467c3218d83f6369286

SHA256
238237d593bb765c601f53eec936d37f88a2125564f16313f9a19ed0f7187641

SHA512
b1b80076683bb9a517936a4f3cac4d80061d539272a63125a13cfa7059983afd43095ede0eacef84770858a0f4cfab6c76f9c2d2acb82c3570811ca57f91820b

Download Submit