hxxp://outbound-email[.]shootproof[.]com/ls/click?upn=u001[.]ZXou-2BSKTe773OwSvCea8QGMtCB-2FhfvQnerxhN3Ln9b7Yp4tsGAfSK5cq4MDuZX4VwpCQ_qJXCHvzph6Fm05ZWC595sphjCPXeh0QnpP-2FXMuw8i2fXj0-2BulaLrVrjk5nvVsp6YPomTx8h871rGYbvOLOSwx5-2B8AtiEqHPB2mpa89olO1NBAtZdzse5sjbup0ef-2FVZVJJnBTrPY09f-2FR1qytvH9DjBMI-2Fhml93Wh8oW-2FfUcMPIasMt2mMZ6d7ushAS4gtoW34pWssqiB-2BKmW9vy5r4yeOBwTIT7T3ffVVhxRkBmgvQbtt-2F69L5te9zJD1FO3TlPQZXhF9FHniKrlktbte1mDzdGAevo2lEAZVRZ7CUlURn2-2BLp2uC2GfyjsWEFygnw9lKCpEIJhNn6FnEf-2BuHHzu-2BnP39ByZrtcuNAfbsZG282CIyrDUPaWFl-2FqU8hDRa7DOokAnyKiJlE2yWfOPmGqBE30sEcwFa944izNx4PuO4C-2Fopau8YqWgGDVhtfPppC0d-2BAN-2Bwnt7-2B8ySCPw5FOxA6oV416RXQWIIcdQa-2FhQYcP1ttmgvUudRHzaE7vRJq7JN1AuymY7UZbE-2BozBhly6esplIhRcqD96AsAxIaZxGpM-2BebD3Uo-2BnB4CgYt7YkvHRoJ-2BpI7BuCGWd7wDHTTfKm7G-2BuiWMgsLMR-2FVT7cPMSzUtR8M3H-2BcXA-2FaaXDwd-2F5MNIQ2mqvw2ajrcf36dDRiM4Uy-2FmckLXaKekwgKm68UmVSGfQPI68izo6pxmJv2li2YdJy8HA6TUjHJfDcqOcTUFiXnl1jlBvkaIKhwfBLhPtkBuI8NH0xUbRGqV-2Fc-2BZ6Nl-2BUOkVN8M-2BY2MIcAdFLbTtU7tY4OGZWV3rqB5BjpqyTjwA-2Fh23SZdKct15z3-2BSQhZpG6YxZiXuROgWLsb2uD3lKIqZe4KRBDfnhX29BeW1ZqPKdzD6UChvLmfMSbIuWbKuiX9wpagOqOrU2CfkIg6-2FnIGHfBo3j0vNb-2FtkcBJ6CGOJ0LPbafvkDRu6ueWgHN9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 17:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://outbound-email.shootproof.com/ls/click?upn=u001.ZXou-2BSKTe773OwSvCea8QGMtCB-2FhfvQnerxhN3Ln9b7Yp4tsGAfSK5cq4MDuZX4VwpCQ_qJXCHvzph6Fm05ZWC595sphjCPXeh0QnpP-2FXMuw8i2fXj0-2BulaLrVrjk5nvVsp6YPomTx8h871rGYbvOLOSwx5-2B8AtiEqHPB2mpa89olO1NBAtZdzse5sjbup0ef-2FVZVJJnBTrPY09f-2FR1qytvH9DjBMI-2Fhml93Wh8oW-2FfUcMPIasMt2mMZ6d7ushAS4gtoW34pWssqiB-2BKmW9vy5r4yeOBwTIT7T3ffVVhxRkBmgvQbtt-2F69L5te9zJD1FO3TlPQZXhF9FHniKrlktbte1mDzdGAevo2lEAZVRZ7CUlURn2-2BLp2uC2GfyjsWEFygnw9lKCpEIJhNn6FnEf-2BuHHzu-2BnP39ByZrtcuNAfbsZG282CIyrDUPaWFl-2FqU8hDRa7DOokAnyKiJlE2yWfOPmGqBE30sEcwFa944izNx4PuO4C-2Fopau8YqWgGDVhtfPppC0d-2BAN-2Bwnt7-2B8ySCPw5FOxA6oV416RXQWIIcdQa-2FhQYcP1ttmgvUudRHzaE7vRJq7JN1AuymY7UZbE-2BozBhly6esplIhRcqD96AsAxIaZxGpM-2BebD3Uo-2BnB4CgYt7YkvHRoJ-2BpI7BuCGWd7wDHTTfKm7G-2BuiWMgsLMR-2FVT7cPMSzUtR8M3H-2BcXA-2FaaXDwd-2F5MNIQ2mqvw2ajrcf36dDRiM4Uy-2FmckLXaKekwgKm68UmVSGfQPI68izo6pxmJv2li2YdJy8HA6TUjHJfDcqOcTUFiXnl1jlBvkaIKhwfBLhPtkBuI8NH0xUbRGqV-2Fc-2BZ6Nl-2BUOkVN8M-2BY2MIcAdFLbTtU7tY4OGZWV3rqB5BjpqyTjwA-2Fh23SZdKct15z3-2BSQhZpG6YxZiXuROgWLsb2uD3lKIqZe4KRBDfnhX29BeW1ZqPKdzD6UChvLmfMSbIuWbKuiX9wpagOqOrU2CfkIg6-2FnIGHfBo3j0vNb-2FtkcBJ6CGOJ0LPbafvkDRu6ueWgHN9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706363930433841"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3676	chrome.exe
3676	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe
Token: SeShutdownPrivilege	3676	chrome.exe
Token: SeCreatePagefilePrivilege	3676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe
3676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3676 wrote to memory of 1240	3676	chrome.exe	83
PID 3676 wrote to memory of 1240	3676	chrome.exe	83
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 3948	3676	chrome.exe	84
PID 3676 wrote to memory of 2884	3676	chrome.exe	85
PID 3676 wrote to memory of 2884	3676	chrome.exe	85
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86
PID 3676 wrote to memory of 644	3676	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://outbound-email.shootproof.com/ls/click?upn=u001.ZXou-2BSKTe773OwSvCea8QGMtCB-2FhfvQnerxhN3Ln9b7Yp4tsGAfSK5cq4MDuZX4VwpCQ_qJXCHvzph6Fm05ZWC595sphjCPXeh0QnpP-2FXMuw8i2fXj0-2BulaLrVrjk5nvVsp6YPomTx8h871rGYbvOLOSwx5-2B8AtiEqHPB2mpa89olO1NBAtZdzse5sjbup0ef-2FVZVJJnBTrPY09f-2FR1qytvH9DjBMI-2Fhml93Wh8oW-2FfUcMPIasMt2mMZ6d7ushAS4gtoW34pWssqiB-2BKmW9vy5r4yeOBwTIT7T3ffVVhxRkBmgvQbtt-2F69L5te9zJD1FO3TlPQZXhF9FHniKrlktbte1mDzdGAevo2lEAZVRZ7CUlURn2-2BLp2uC2GfyjsWEFygnw9lKCpEIJhNn6FnEf-2BuHHzu-2BnP39ByZrtcuNAfbsZG282CIyrDUPaWFl-2FqU8hDRa7DOokAnyKiJlE2yWfOPmGqBE30sEcwFa944izNx4PuO4C-2Fopau8YqWgGDVhtfPppC0d-2BAN-2Bwnt7-2B8ySCPw5FOxA6oV416RXQWIIcdQa-2FhQYcP1ttmgvUudRHzaE7vRJq7JN1AuymY7UZbE-2BozBhly6esplIhRcqD96AsAxIaZxGpM-2BebD3Uo-2BnB4CgYt7YkvHRoJ-2BpI7BuCGWd7wDHTTfKm7G-2BuiWMgsLMR-2FVT7cPMSzUtR8M3H-2BcXA-2FaaXDwd-2F5MNIQ2mqvw2ajrcf36dDRiM4Uy-2FmckLXaKekwgKm68UmVSGfQPI68izo6pxmJv2li2YdJy8HA6TUjHJfDcqOcTUFiXnl1jlBvkaIKhwfBLhPtkBuI8NH0xUbRGqV-2Fc-2BZ6Nl-2BUOkVN8M-2BY2MIcAdFLbTtU7tY4OGZWV3rqB5BjpqyTjwA-2Fh23SZdKct15z3-2BSQhZpG6YxZiXuROgWLsb2uD3lKIqZe4KRBDfnhX29BeW1ZqPKdzD6UChvLmfMSbIuWbKuiX9wpagOqOrU2CfkIg6-2FnIGHfBo3j0vNb-2FtkcBJ6CGOJ0LPbafvkDRu6ueWgHN9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffda94ccc40,0x7ffda94ccc4c,0x7ffda94ccc58
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3032,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3876,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3184,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4892,i,10829645042569921931,5557517000474732004,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
deca0ff7529c964f4293242a4f3809e4

SHA1
0fd2204f97030b72344aa308b2c363a8a3868740

SHA256
de505e763f917c4594afe4c99f62d5bbdce64fec5e1116aaca0e09652d105b06

SHA512
5d85963b90c139aaf3e76ca7f34e520a3556691542388fc170fba94b45e923b595d5bc54bb7a5962109df09dfb7f6933d912a2400a8c1961264c0028f5fbd3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ee6535cfd16883603dedf2cd1a091e6c

SHA1
2dbd7371c4e4886c0bbc990ca3189f8607cea6b0

SHA256
12f82d325067eb617d1f9b691771cea15a773b573428af8439b946f3c34a60fe

SHA512
d6f6dcec37b49fd84254667bf75663b468e85de217c682856a182bf9155aa4dc41dc30b268af63f0c793031f96da3fb89203ad607c287540e4d0cb48a4bba7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df6ebac66962e67edfa7ae01257ec1f0

SHA1
9ae971564e3078dcf598b859499fbf65a0fb5115

SHA256
1bb4e61b9f2b0ae8d781e3c185101f638d39b834c54abf56111ff554a93b520d

SHA512
2231269c2cf78797b0e3b15e8e252f158be71b22c773a0fa8b22df2235840c2e0ac9af127e44016c7d0ab0b7c452a1e850a347d6d4479aae9aefb9a3ad4f3589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
102cb2522288f035aed8febcb859114f

SHA1
9926557ae67aa1619f62a8f05544bc49fec8f93b

SHA256
1e68a719e1804fd04c659bb6797b1cb15dbb13d79c35ebcc144b33781710e29e

SHA512
c72ddc449b0063c51889eab3da28246050fb2a6284a756ce4ca65597cf1e6b4b3e712d037008d54f0c3bc3257bd11b7f850abed731ce117f6f7b19876f2b96a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad76ff9f3ab86bf69f1a3c9c70d516ac

SHA1
4b05985ecb665479652e1a27541abfe57306c4af

SHA256
4434fcaeccfec70baa2beba92ca24464c5904fcb3edac927a086ad8f4ca7cccc

SHA512
0fbdf6a7e88458a81f7d7f19f7baacf6fc9bf3a00dca96bd6eb950cd8d3891fa66e919d04d254339ba3268e8fece0c71091ecc1bb1839c776b7903ca763d17be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40d6d81a5e76be7e2fc166d09372dba0

SHA1
abf7cdabb1e193085ee34ce363f688e94098e5dd

SHA256
5aea4c91e62b49310ebd25718098150367c66f26b42e7d898b9501ce8178cc0a

SHA512
5650344c9f79f9ec8b8c64dc632c52eeee3cbb80424ab325bead4f47dec003073f47feab86387d18e6c4bf5affbded4d08ea7483f615ad9d37629eafe31bbb54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
507dfe87dc351666b624e4f6279d3849

SHA1
dbf2ad60d31d928ab5def39d43b9caca79da3875

SHA256
61ade3774d5f06c7ee2563e629b808cdda567c904a5efdb4c6477147502df129

SHA512
63fea08516a8e466bdf78fb101a448e4c99a162b1b9fca759a6f2d68cb10ed8067962bcb90c53cfaec1cd6c4ebeb61d9931942f3dd03af2bc4f5b639f4a0a5b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d52d4f08188ebaac81e2c066a4a7812

SHA1
765c68aa7dc8d138ad5483a921c3357b6547a642

SHA256
b43873864245308374c183416eefe256516df6be4b160236c51217440e78f905

SHA512
6b0d0c6394190ca4515c5c83f999e09cc6e058c8a41679f0d3aa36bfdf365e93a9f61db479a1c96fddc5c8bc298d2ef60cc2e9a3822e49043b149753178d679e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea7306e9028c929b66b69e19acc84cd4

SHA1
7d69675a1a476286faee955d93549809109c97e2

SHA256
1b94c9bf3361789ffc137f3c8f8190f3371df1e70e8a34d4a59f015bb617592e

SHA512
1e10fcec737fac0bb6a3f24d24291b4d33d1a255e170f757b59642191a61de2df70eb03ec55e50d99ac05255ce22a0ed2643abede4c0e957c6271434e8c0d601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b4752108-3c3e-4b0b-b52a-c9858cdcfb18.tmp

Filesize
9KB

MD5
b0947b2d2a66c3339e5e3754fbe81bdd

SHA1
300649a3530bfad95c6c09d2fc01dad72b5ebdfa

SHA256
20c8405e2801ba27ad3f20756d0fa99b401dfaa9bf9a74e66c363e96ea8a011c

SHA512
de971c1928bc8f2b1d98b4169da210aa97f19d8ff0d015b7e501ded5049a413a5dcec1ca3d6ca63308641f20e13da44485e76d573be4f959b783480542812727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
06d11b4b461ffa4f88c1d9f33e5edceb

SHA1
b66379afc1b4f62c244e164e367f91b379a9b845

SHA256
d48725121c1e339d37fbc70b48ad542b0b8c6abd3b5c70fc965ddd76115bb4e4

SHA512
2588c25711978e07bbba6924c9222424edf0c93100eabaf95aea4d54de12e29cdeff030f915b83a6468e3a3a36d576cd44eb0d3e520c88f0aa1fe7983f568ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ef196ce809855c9beb79582bee6c4a04

SHA1
755d32641c375ecf3dd0150683335ece73688fae

SHA256
9adcc4c8ee087d33a725b801ece0601abba23ab1f5aea8cc64448dd32b02dcb5

SHA512
a193e1ef365c06dbe0507433a51f827b42435fbcece691171d12532df86c319aa5eec374e89b0ff1e531c3d0ba17f6ad86ebce77e460b08a7406fc830c23b89d

Download Submit