hxxps://track8105909[.]kochdavisjobs[.]com/9155299/c?p=PuvfB2eBQrihrufHjZEy7OEuiYcKVa6KV9VqV0EymXJpQynR9kQmunLRIWsoYljV7pSuBJ_62BbkRs7iSX47ntfs8dfeT_y7_g-DO54X_XOSAuXBKAmic8XAifuWO9j_ozXiHNWCZhh-4fqgz6dmoWd4Gu-db5Yvk1JgIDbdPk09w9n2_veQNgvKqRcihQqGHoSjNzHZeB5Uf9aT0xzPjahG7Oz09encGhgchsbp8I2zBBw8oqMyFG4awafiH9ey2TyG3fygkCU44i_lX7tYJ9KHsLUE3rahKIaHAyJ1ENpT9LlxZm9nPWSQqc8_tEZ-o-0rJOF4-9lual2RzwGQ7MKI5GZXMPQ0HnmsjFcVcavXrLQ5K7lel4Rezp2vp248Bfrxf0zb4_ojUjsvC4CAldcmTMBmZ21CtAzIZdeig44CmWluyo4EOfUMN3BYnCcHKq8xcgRwREbDCt2Ue4t_jdStCbRnoR1J30dhyMf7COKzVCLKUHl2Byq7agcKBvYPDUYxIWqzvtG_ghSmFE752LJDzQISoroO2j0uVhhBU9eyjbgFTTTCIxZXO-v3LhwNltgnMeg22ctlGLfQpf2HeOYmc32aN5fjXuBlywiOHxP9YqSPLl3DHL74bkAxSRJoEbP1VtAhuxgHJLrt8EaGzaxqBPE0ob9pD_ZyBlgMGNZLQRH1oE0q5ubZ6X6PassrqKiQY0VStiBT5O1764BA-uKiVcxZXUwwQshl3NGlopQyMUS_Ha4H-uBjWTy5NDI69EdXeOwOGLtLKFU8sJfc43daONbbO048J5Fc5B4O0W8hKLuSRu_xEIBFUafVZsttziQzveHAl6xiMJ8hb_SJFustnVbSgAR_Us37sB1pBDCrm-H-gV3etgdafUDUl31nj5PUPTwO2gGt3Z2nhkDJbv3bf_SOktkVXm2QFu1ksbVOC6bTce4Q901wUaL9_w3dbzTa5ry_sjVMGBmRkw_pxpeZDdVADxNGG2oP-Go0AHFIG4BSKJCZutjKGRw5r7KrJALWW7RTpjpurLYbJ37BFtyX5936TWIUkJkkN6XqKRTVTuyQCSEj7Wh1oT89BCmhP-Xqq0OwkDHYIF-RwghoWdWiSTUJ1aU28_1MLzsx8Px6fPPc-r5Iq22d7Tr5WycZ9PxqBP21va4djYeKFEx2m8O4qfKiyAGMMdD85boCorIJkbRplk9pHFPHeCUFvtd0yeyYJN5lYdaEPWcqHzOnniN6PR0KR-i6KYHuGkE22LTBTQ1BHwPrJdJmfHxS-UTiCk7ah_9Md7XQQtZF9iLVj2mrLReJiDBTH1RVhk_Gak6WeTFQdVtC7Ymhg7dkfvpuZr3hKTvmmtn9Uj3gg462lJrH6nWQdNwvI_pbK_iZCxTV2OxnlTzMIo2Z7tNG87DvtDNv8MfcQZx8bHqZktmRo-C2wmUYVj4e9OzJa0bIRKQ=

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://track8105909.kochdavisjobs.com/9155299/c?p=PuvfB2eBQrihrufHjZEy7OEuiYcKVa6KV9VqV0EymXJpQynR9kQmunLRIWsoYljV7pSuBJ_62BbkRs7iSX47ntfs8dfeT_y7_g-DO54X_XOSAuXBKAmic8XAifuWO9j_ozXiHNWCZhh-4fqgz6dmoWd4Gu-db5Yvk1JgIDbdPk09w9n2_veQNgvKqRcihQqGHoSjNzHZeB5Uf9aT0xzPjahG7Oz09encGhgchsbp8I2zBBw8oqMyFG4awafiH9ey2TyG3fygkCU44i_lX7tYJ9KHsLUE3rahKIaHAyJ1ENpT9LlxZm9nPWSQqc8_tEZ-o-0rJOF4-9lual2RzwGQ7MKI5GZXMPQ0HnmsjFcVcavXrLQ5K7lel4Rezp2vp248Bfrxf0zb4_ojUjsvC4CAldcmTMBmZ21CtAzIZdeig44CmWluyo4EOfUMN3BYnCcHKq8xcgRwREbDCt2Ue4t_jdStCbRnoR1J30dhyMf7COKzVCLKUHl2Byq7agcKBvYPDUYxIWqzvtG_ghSmFE752LJDzQISoroO2j0uVhhBU9eyjbgFTTTCIxZXO-v3LhwNltgnMeg22ctlGLfQpf2HeOYmc32aN5fjXuBlywiOHxP9YqSPLl3DHL74bkAxSRJoEbP1VtAhuxgHJLrt8EaGzaxqBPE0ob9pD_ZyBlgMGNZLQRH1oE0q5ubZ6X6PassrqKiQY0VStiBT5O1764BA-uKiVcxZXUwwQshl3NGlopQyMUS_Ha4H-uBjWTy5NDI69EdXeOwOGLtLKFU8sJfc43daONbbO048J5Fc5B4O0W8hKLuSRu_xEIBFUafVZsttziQzveHAl6xiMJ8hb_SJFustnVbSgAR_Us37sB1pBDCrm-H-gV3etgdafUDUl31nj5PUPTwO2gGt3Z2nhkDJbv3bf_SOktkVXm2QFu1ksbVOC6bTce4Q901wUaL9_w3dbzTa5ry_sjVMGBmRkw_pxpeZDdVADxNGG2oP-Go0AHFIG4BSKJCZutjKGRw5r7KrJALWW7RTpjpurLYbJ37BFtyX5936TWIUkJkkN6XqKRTVTuyQCSEj7Wh1oT89BCmhP-Xqq0OwkDHYIF-RwghoWdWiSTUJ1aU28_1MLzsx8Px6fPPc-r5Iq22d7Tr5WycZ9PxqBP21va4djYeKFEx2m8O4qfKiyAGMMdD85boCorIJkbRplk9pHFPHeCUFvtd0yeyYJN5lYdaEPWcqHzOnniN6PR0KR-i6KYHuGkE22LTBTQ1BHwPrJdJmfHxS-UTiCk7ah_9Md7XQQtZF9iLVj2mrLReJiDBTH1RVhk_Gak6WeTFQdVtC7Ymhg7dkfvpuZr3hKTvmmtn9Uj3gg462lJrH6nWQdNwvI_pbK_iZCxTV2OxnlTzMIo2Z7tNG87DvtDNv8MfcQZx8bHqZktmRo-C2wmUYVj4e9OzJa0bIRKQ=

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
115	api.ipify.org
116	api.ipify.org

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670180776413713"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2348	2468	chrome.exe	83
PID 2468 wrote to memory of 2348	2468	chrome.exe	83
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 3636	2468	chrome.exe	84
PID 2468 wrote to memory of 4596	2468	chrome.exe	85
PID 2468 wrote to memory of 4596	2468	chrome.exe	85
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86
PID 2468 wrote to memory of 4336	2468	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://track8105909.kochdavisjobs.com/9155299/c?p=PuvfB2eBQrihrufHjZEy7OEuiYcKVa6KV9VqV0EymXJpQynR9kQmunLRIWsoYljV7pSuBJ_62BbkRs7iSX47ntfs8dfeT_y7_g-DO54X_XOSAuXBKAmic8XAifuWO9j_ozXiHNWCZhh-4fqgz6dmoWd4Gu-db5Yvk1JgIDbdPk09w9n2_veQNgvKqRcihQqGHoSjNzHZeB5Uf9aT0xzPjahG7Oz09encGhgchsbp8I2zBBw8oqMyFG4awafiH9ey2TyG3fygkCU44i_lX7tYJ9KHsLUE3rahKIaHAyJ1ENpT9LlxZm9nPWSQqc8_tEZ-o-0rJOF4-9lual2RzwGQ7MKI5GZXMPQ0HnmsjFcVcavXrLQ5K7lel4Rezp2vp248Bfrxf0zb4_ojUjsvC4CAldcmTMBmZ21CtAzIZdeig44CmWluyo4EOfUMN3BYnCcHKq8xcgRwREbDCt2Ue4t_jdStCbRnoR1J30dhyMf7COKzVCLKUHl2Byq7agcKBvYPDUYxIWqzvtG_ghSmFE752LJDzQISoroO2j0uVhhBU9eyjbgFTTTCIxZXO-v3LhwNltgnMeg22ctlGLfQpf2HeOYmc32aN5fjXuBlywiOHxP9YqSPLl3DHL74bkAxSRJoEbP1VtAhuxgHJLrt8EaGzaxqBPE0ob9pD_ZyBlgMGNZLQRH1oE0q5ubZ6X6PassrqKiQY0VStiBT5O1764BA-uKiVcxZXUwwQshl3NGlopQyMUS_Ha4H-uBjWTy5NDI69EdXeOwOGLtLKFU8sJfc43daONbbO048J5Fc5B4O0W8hKLuSRu_xEIBFUafVZsttziQzveHAl6xiMJ8hb_SJFustnVbSgAR_Us37sB1pBDCrm-H-gV3etgdafUDUl31nj5PUPTwO2gGt3Z2nhkDJbv3bf_SOktkVXm2QFu1ksbVOC6bTce4Q901wUaL9_w3dbzTa5ry_sjVMGBmRkw_pxpeZDdVADxNGG2oP-Go0AHFIG4BSKJCZutjKGRw5r7KrJALWW7RTpjpurLYbJ37BFtyX5936TWIUkJkkN6XqKRTVTuyQCSEj7Wh1oT89BCmhP-Xqq0OwkDHYIF-RwghoWdWiSTUJ1aU28_1MLzsx8Px6fPPc-r5Iq22d7Tr5WycZ9PxqBP21va4djYeKFEx2m8O4qfKiyAGMMdD85boCorIJkbRplk9pHFPHeCUFvtd0yeyYJN5lYdaEPWcqHzOnniN6PR0KR-i6KYHuGkE22LTBTQ1BHwPrJdJmfHxS-UTiCk7ah_9Md7XQQtZF9iLVj2mrLReJiDBTH1RVhk_Gak6WeTFQdVtC7Ymhg7dkfvpuZr3hKTvmmtn9Uj3gg462lJrH6nWQdNwvI_pbK_iZCxTV2OxnlTzMIo2Z7tNG87DvtDNv8MfcQZx8bHqZktmRo-C2wmUYVj4e9OzJa0bIRKQ=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc19efcc40,0x7ffc19efcc4c,0x7ffc19efcc58
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3996,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5080,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5236,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3388,i,8655580362634106787,8084437880820668159,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3392

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1127993d-808e-4c2e-926a-1c0f102615e8.tmp

Filesize
9KB

MD5
df931c3bb20689fbfc246c4ea7094fdd

SHA1
91ce9b306277a0dc563a006a644ba242a1297a9d

SHA256
c97b407555272b206484a1a670869b5e3480418e89c57f45685c740746260281

SHA512
c10fc228c1379202234dcb715a0266006f401c4caee9dcd495e1e2f1955b96d038565ccfcd394999334ec3c55c4807dd3650df847afed9f6adb1dd9db3cd2ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91c072457fdd8041a496ade25b4379b8

SHA1
0579225d79a4be6ff5b8e6c67f0d29d4cc3989c6

SHA256
5be88a6803f7fb3051006a1376582c9507812a8f871583fc313ffa8ccc041b4b

SHA512
5dfa85ab0752a664fd8160a005bb6f786370b6e8589e1ed837b4875902b4774c768316e2c7d1be260bbd4fe16b162cf5af66d44fb7f277877d7896360f225449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9f1a06277432803c9e97afceec05b0cc

SHA1
4460794e970944152b40fd6e503caaaa730f3918

SHA256
c94cde9a7623b82662d74ef937c18f36bcbf85cd5594fd99217e0a5830d85881

SHA512
b44c1d834f8bb026e19526f12b1a8bd3c20463e94c122b7acc53005160513f7d0c511d7e5d1743d78a0f2250226f8fbe2ac85879d5c4ae520286b2399db7418f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8d593ba7ef497b91a6a0cba4010edde3

SHA1
d9c05e1c0f0bc10091d16ce82b51f82e9c27db6e

SHA256
bb9e8606347528a484e559a79b6d75b16160b55e390c5cae093830d0fb51a668

SHA512
de408f07e29ed3c8f8e2ac1d46d7abd39f57bdfd31e4fd64a9944b174999d4b83e69365d26e3213eb38ab174fca155e00d87a54a7b1fed0c51644501c2208702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be9ba47a4284dfacd82329a6c4794441

SHA1
d43e8ac06ada82a3ef9c4824ab33d7d8039fbdb1

SHA256
77d1011f39be2f38cbc77af64a71c6d0b1cf69d51c361c8d88296d9d5234dd65

SHA512
7ddd1ed12ee27eb249b375cf3e1356882cd8d84981185da845f9166afb034bb88b4588560cfbb5403958f11a16341d4d861e234aebae25b4ad87510a0b5305ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c1d297d2139b60c7ddf6421ed8477b1

SHA1
126cc675fcff42f85a34dc3bed75a3e12c30d81c

SHA256
2dde146cc5fbdd439ec71ca4af1512f05e214db5d1cf27489e753fd82b926528

SHA512
24df0e14da0493616804a9895b1ce8ddb1f8d3ff6f7d7701e2a7f4075090447194cb47ba4da08f91b3a39ce3d0a8996b5977a5b6962c89cd026e884a33998f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b03b55d1311d578597775fc7e17b36ce

SHA1
9607cdfb05f229c180fde402e710e5414b26b874

SHA256
3ae4d03a9b77e3267ca1aa3e09362f41f323bf28976071104fe1ffd9d487a710

SHA512
b2e221ce64bd0dd3df71e5ee426b37b3bf6415b1cecf30056e77891040c6f07596d9ebadf9759acb48ee928af0720e1038b2069f1351b10157ca0f94486f634f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6cb9fc88f42fa562e21c6cac6aba60f

SHA1
912f4cf1c16080ab3fa7adb18d1e88c6092926df

SHA256
46f8a2d795d41ce4da9e1fab42dfca9d1a56df5fc65840680539560d8de9f33d

SHA512
f4bb5c408043172f7b2d0fe858464e691b3adc0f56b4fd37b7cf35b0c65cbe73be7d202a56791d246adc89296b3e932a4f167c59290bd8b4ba0316dd48ac4839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a5ee067e070b97ed5044e5854a03edd

SHA1
7c6aa5710a1b2a052039573a3af6bfd37c24938e

SHA256
eb78d570cecca77111522d2220f2b7b8257091e39e340208a756e601755ece4b

SHA512
5162bae13c6f386a8d93ee97e91c92c75c37ad7f62c223a9d17bfdf0367772da5d2432342069190c7a29b6793f6182fb3af9253e6b8026a9d40e2cdce5d61434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b31ee83a6a5b439c8e350d2ff4ab5419

SHA1
da351415fde0094dbf8581c504d4d6ef3ecdf7ee

SHA256
73c8cb37e3aad2a51e0205999c6e4d6450f1d4334d073e8b3b2c020f6fa3a297

SHA512
9e09dd1ede21a992a2781790b9d1421ff51290de2490db0ed5a43637ff5fd4dcec40463d37b3c6bfe30118e190572527f255042a0e303553a88ff1be24cf1449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eacd7acc1c8cdeebc13403aacdc13d39

SHA1
699e8fbb163ff9b9f124d3ce8eb45ec594fca7f6

SHA256
42c55ab70a90aefafc0fec4823b767941efcdfc2ac3a5773bdd6d2d5988fda13

SHA512
d397f7ad94c2f2d918e4cc5cefb520b49b5f875faafed7434ce3aef6709aab1358a75c6cea4077f8fa5989cca0fa877439b6a857e46599c06cf66b39f78eeb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a12b4ad39913458c3be9fd1a787dde38

SHA1
52ee05ee9aef6c0475943b5aafb4bb007d611ea1

SHA256
a2b799cb3eb8006056f01d2b85bc1fc6ffef689f7e9e602147de4160fdd52c23

SHA512
0622a61d31b199b22c426bb255441ad04745bc697ef8bac6c1105aace066f8a1c88ee176c753b75cea83689d07d5197ef5e6f182062600abacf99e04dd847786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee244a1b0c0fe3fea1058f3597b0b923

SHA1
7d16e4e0f8f8438480ba3bef5a25eeb2022ecba2

SHA256
a0110b3732aa239f7501ff198f0e0433fe1bb9b9ef995bde5e26634e31cf72fd

SHA512
99bb5ec5c7f640546c021eacc055740822610c3348bba7f8569fb98fe08e141424d138abf7da0f44eb9b0a9c992b0892f947c1299842233a6224f73e231c9028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
1cfdc854c8345aef08216af3d13f0d20

SHA1
419e3b1346355b46b041fc82eb66e6fd394dc1fd

SHA256
80c92a53435f5f7da8b43d5b4055a81c93f5d6493e6e4d33c25c91e5dcf0875c

SHA512
7fc167bbeb7fd3c037b64e02e4ac6d7f6c69536bb2aa8f7eeda8c575074dd6667fd7fda767b415f91b358e170e80021b5d39d4eef522332c2ce1ca7f4092690b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
04466aa1f242bc3da98a8833fcd310da

SHA1
d81b136c30e7cff40f1f99e45291c87997143d83

SHA256
2cf6ab7d88df24b9b54316e9528da51b4a80b6a2f50b14ea4d3a8b0db9bf1f6b

SHA512
e2edb00b3fd8a252dff63b7546b9c96fb16526e062dfec99f65741854a5fe3d222252f222221bd01779d9032a52b9a0c80992793b57a637be04df669f7f86e91

Download Submit