hxxps://elink[.]clickdimensions[.]com/c/7/eyJhaSI6Njg4NjQzMzEsImUiOiJqeWphY29iQHFmLm9yZy5xYSIsInJpIjoibGVhZC1mOTAxYjk4MzI0MzFlZjExOGU0ZTYwNDViZDAyMWU4ZC02NzU2ZTZkY2E5NmE0Zjk0YjI0Mzc3NWQ2ZmY5NzdiZCIsInJxIjoiMDItYjI0MjE5LTM2NzQxYjdkOWRmNjQxMDQ4NTc5NWE3OTg5NTQwNDI3IiwicGgiOm51bGwsIm0iOmZhbHNlLCJ1aSI6IjUiLCJ1biI6IiIsInUiOiJodHRwOi8vYWthLm1zL25vbnByb2ZpdGdldHN0YXJ0ZWQ_X2NsZGVlPXFDa1RlcHNUeFZidmhQeFozNDRUUS1yb1RNZGVEMVBpdElucjFEU3BUMWd5R0RxbGdjRUJfUGpiNTdrcFFOVE8mcmVjaXBpZW50aWQ9bGVhZC1mOTAxYjk4MzI0MzFlZjExOGU0ZTYwNDViZDAyMWU4ZC02NzU2ZTZkY2E5NmE0Zjk0YjI0Mzc3NWQ2ZmY5NzdiZCZlc2lkPTc5MmE1MzkxLWY4NTMtZWYxMS1iZmUzLTAwMGQzYTU5OWUwYSJ9/DKMdpSC5puKNG0u_WAY8gA

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://elink.clickdimensions.com/c/7/eyJhaSI6Njg4NjQzMzEsImUiOiJqeWphY29iQHFmLm9yZy5xYSIsInJpIjoibGVhZC1mOTAxYjk4MzI0MzFlZjExOGU0ZTYwNDViZDAyMWU4ZC02NzU2ZTZkY2E5NmE0Zjk0YjI0Mzc3NWQ2ZmY5NzdiZCIsInJxIjoiMDItYjI0MjE5LTM2NzQxYjdkOWRmNjQxMDQ4NTc5NWE3OTg5NTQwNDI3IiwicGgiOm51bGwsIm0iOmZhbHNlLCJ1aSI6IjUiLCJ1biI6IiIsInUiOiJodHRwOi8vYWthLm1zL25vbnByb2ZpdGdldHN0YXJ0ZWQ_X2NsZGVlPXFDa1RlcHNUeFZidmhQeFozNDRUUS1yb1RNZGVEMVBpdElucjFEU3BUMWd5R0RxbGdjRUJfUGpiNTdrcFFOVE8mcmVjaXBpZW50aWQ9bGVhZC1mOTAxYjk4MzI0MzFlZjExOGU0ZTYwNDViZDAyMWU4ZC02NzU2ZTZkY2E5NmE0Zjk0YjI0Mzc3NWQ2ZmY5NzdiZCZlc2lkPTc5MmE1MzkxLWY4NTMtZWYxMS1iZmUzLTAwMGQzYTU5OWUwYSJ9/DKMdpSC5puKNG0u_WAY8gA

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674450525603560"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{CE223254-4FF1-481D-9601-1FDDE0E09ECA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4384	chrome.exe
4384	chrome.exe
4384	chrome.exe
4384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 2868	4796	chrome.exe	83
PID 4796 wrote to memory of 2868	4796	chrome.exe	83
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 4240	4796	chrome.exe	84
PID 4796 wrote to memory of 2292	4796	chrome.exe	85
PID 4796 wrote to memory of 2292	4796	chrome.exe	85
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86
PID 4796 wrote to memory of 376	4796	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://elink.clickdimensions.com/c/7/eyJhaSI6Njg4NjQzMzEsImUiOiJqeWphY29iQHFmLm9yZy5xYSIsInJpIjoibGVhZC1mOTAxYjk4MzI0MzFlZjExOGU0ZTYwNDViZDAyMWU4ZC02NzU2ZTZkY2E5NmE0Zjk0YjI0Mzc3NWQ2ZmY5NzdiZCIsInJxIjoiMDItYjI0MjE5LTM2NzQxYjdkOWRmNjQxMDQ4NTc5NWE3OTg5NTQwNDI3IiwicGgiOm51bGwsIm0iOmZhbHNlLCJ1aSI6IjUiLCJ1biI6IiIsInUiOiJodHRwOi8vYWthLm1zL25vbnByb2ZpdGdldHN0YXJ0ZWQ_X2NsZGVlPXFDa1RlcHNUeFZidmhQeFozNDRUUS1yb1RNZGVEMVBpdElucjFEU3BUMWd5R0RxbGdjRUJfUGpiNTdrcFFOVE8mcmVjaXBpZW50aWQ9bGVhZC1mOTAxYjk4MzI0MzFlZjExOGU0ZTYwNDViZDAyMWU4ZC02NzU2ZTZkY2E5NmE0Zjk0YjI0Mzc3NWQ2ZmY5NzdiZCZlc2lkPTc5MmE1MzkxLWY4NTMtZWYxMS1iZmUzLTAwMGQzYTU5OWUwYSJ9/DKMdpSC5puKNG0u_WAY8gA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb6b7cc40,0x7ffbb6b7cc4c,0x7ffbb6b7cc58
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:3
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4732,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3284,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3852,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5252,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3340,i,9265503539441764537,7234654270416295341,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4384

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a9b4e8e5e7eb34b2c1013d7ea543395c

SHA1
d35a178fe186bfc19cb33446015886489a3e37a9

SHA256
9c579c48e5f3b105770bcdf7ba87d0d8533796254a0954b372d84d991dcac067

SHA512
fa6182739da23ece1a6d859e1850214ac3cb74e6a44d4fbfa111944e0255b5f422ba1b85701483b5527d33d01ffde3253b6c4c08eeee38367cb2af9ea4006ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_nonprofit.microsoft.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a905651f4e1a6eea63fb71fe38f10d7e

SHA1
24ff0dbcdc9b75068dfae968f8c37fe715d9de58

SHA256
2e84fa394c143eaa564fc8af90156ef2e3925a5504459206b12ee8aa67d04393

SHA512
509a0f3497161c17b6a070f044c38c04e4885c242ac86098113d9218c438eaa46f929d992673ee258cdce737ee23acbb6ab6633e3d47b887924f5ce03ece54d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cb19b0185b4bd5a19020aa0a2b9153ba

SHA1
2008bf3f93cda04c9e8a45ce2265e97d2b3a5029

SHA256
2d105b55239dd929ab7c91bbcf1b2a21cd7c6254c1d840bd728573f043b7c2f4

SHA512
0169ac35fb222784e6c99f60981458434dacdd32a3b794e5234989ec2418ea01e49abe29ea7815c9d7c7775f8c29c0affb2283e53119d71efb358b63bb09f49a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
be5d1b19e30b82e774fc223c6f570364

SHA1
599cfd89d7a4293b316d5ac7a88490dfee141290

SHA256
ee9edc31b7fcbf4e5b451c3994043f3f71e8606fc246b05f614557a5ab33affd

SHA512
dd65bbc509d757ecc12f8ec9b009ae863e4187fc93a739a839994eafbe5b11539ea03fa9247aaf93ad2de8f8bf57183fd00cd8f4226071c1880a9dd4c599a05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b44952caad5f328c64ca84991c1d9033

SHA1
7b4c54e80eb2be53f541ce18931c37459f698740

SHA256
84589e877ac3adf80a927dab1d4e1962f40bc6cde98b888de7e18a4f97e0dd13

SHA512
54a53047d3cf3b8b136f420230c16921842d4db5aee06df27ce346486f89681be843804b4717adda1ce4a6d841271e6a62d2f16f68711a3112e1d70a89c8a7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0aac3fdbe9b6de22a057848b64e1fc6

SHA1
dcc9323bd351fc6ba9a9b6a85e51b2317887d2bd

SHA256
e989b1e247a93eecd9e57e2c8c69b5d4e679f7bde563996f152c5cfc34fe3536

SHA512
d9f0fecdbed4758dd3b00ccb2b4e89765144a5584df3415a2db2ce9ac6b7b16257ea41bb8d51c5c62ecf90775ccf9276fcbebfb3e092b063d1c613e5a5233847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
187b2cf3e45cf9de0f8252675692c71e

SHA1
8136c44ae6ba7bb8f98b02e7e2b62ba206901b4f

SHA256
a120876db808434c33c0518d27acdd6c89311829f734ea5b27199608e81877c4

SHA512
0aa64fa09e8aafbb5222bf628fce5d6dbb32008479abde077c91fb2ad6b5974fd1d526dfdd47446bfb4f5fd06dd70b1cba57296e82921b02113f60c7d1aa1c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70b66241a1a4f7434e91866ab3ce85b2

SHA1
11c9ec737f0a93140627d6bc1088344bd09c518e

SHA256
7394f626aa392dc3de0703551bcc4d14b2d2917d0f46288518c9a13065c30e23

SHA512
0ce8a1b58e4f9f305a14cb2d429248cd6f799e983ad2072935672ca22c83cd892ad867f419817335906a4f2da92adaa58c55a95e81eb15e4b7c91ac77595e8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
260e7c266a989146c74ba4f6a5dab6ca

SHA1
7efbf117a7ffee33d49a86660c3151957f8c12b8

SHA256
98f908ad018293504893e2aca19355abf7d7a7f1b60c43719e331b1446466cf9

SHA512
b7ce0f20b2e5b9da40e80ebc7d7ecd6a81861ba9a82ce68088a7c536c5c6efa8082f24218b61f2a395ffa04a3628c1f673185775c7f376292bc83c806d2cea8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a34e7d64f2b945449b6962eb6e6be380

SHA1
935793bf2634c39650acc350d08b816a8ce51b90

SHA256
a3632008304cc9d772c7d196836c421a82f2eedea5066e8a0341632582d9bc79

SHA512
488c9d59664624f4be845e064098067c2cdae4add89958ebd0198fc86862485f366b41c1936c0d4e0836e1a1e5e0d49bddad7d28670f6b5ddf8e4e1c3a731a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e58c47df4e50b9b1aa66c80a47be4cfa

SHA1
738ad12ad26a75aa9aa34164c4fb4f3cca892a75

SHA256
d9dac09994640ffbc3e089f186cdd2a1f5132482ab5b0f973383a4ca63e2367a

SHA512
caab5ad936fef929c7b6d06137e69f704b5cb28c1718dd959227141559bca8cb21fc6f55a30c9faaba3286d900c21304fbefa645f5f8f15fef2311529e5b5bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f73883daa7201e24d8c6a8b7bc11fcf4

SHA1
b646a003b56e2743746e6fd91ae3cda7bbc9725e

SHA256
a5ce000ef380752477d740e22a6ede9e2a3c3b514a4515c782b4e7cd7cca037a

SHA512
8ad0e48dabd17f4b7ed571cc6bddf437c0c26cc161ca26df4721a30c29ad37fc9821c921792a106eae647ec8a4aa8292d8e5aea0f153bf9ad8bb8858fc0cd221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42da77649ba7d867ee45a83cd4b5b21b

SHA1
e0a17059907cbda2725f65ce7b2591648e168137

SHA256
aff9bd7acef9bd2fb23171a5f1a28eb379960cbd4c9c45bc7cca43aade1bd050

SHA512
0f4492681277989786469cca565e3e5b2821d55efc3407ff28f68d3d36b17c0c4a3251e58146985db9171c615274b458f57f84a3b33853abfd54b15c7e5ad7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ab6130ecf8b54cd34be180549e3ce3a

SHA1
02e146ae77b906e24e2cc5ba37ad105e2e5a8e52

SHA256
e8ee8db4861023c649c60d3ee242ed306e3c3fa4abd46e6fc5c369e2ccd25397

SHA512
64492f1b9a615c595e2631720c5e9ca0275c22804c724aff8579a4429816a8603b787c72432c81945697a4b782e84f2053117f57abe3c81d77b442141b8c4eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
26e1a5092ca9a38064518728885d29fa

SHA1
15ab4439a2d78769adec671c739a22a5481f1248

SHA256
1045b296a82df9b774a921c9162480d21c8e9ca752d31bd155cb2d51e88c6dbe

SHA512
a3468245b81e84548b506b1dd0ef59d9ec831394fec97cecf34ce246c4920ff05acd1fc5af14dcbccf471fd8bc33ef08c2d3dd0f685ce110bda7266a0a9e34c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
641dbf16498b6ec2807f1a3eb584675a

SHA1
cf4713ffa305a808c18def0bf84ee47daa82ea45

SHA256
6fccd5d5508ab86f43fe9f84c9721d7c784ea815160f0f813e0e9a0ac183b245

SHA512
23a72f4eb2bb6255882f5b404e0fa98fea2d63792a4d774b9a43e91807ad80ebe36a635a32f30c0e8e0a89e155c9715b1dd152135cc5c8ed559a2b0258e3fca1

Download Submit