hxxps://we[.]tl/t-1GeC18RXcI?utm_campaign=TRN_TDL_05&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_05

Resubmissions

13/09/2024, 13:47

240913-q3j8ystbnf 4

13/09/2024, 13:37

240913-qwvq4ssepn 4

Analysis

max time kernel
37s
max time network
40s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/09/2024, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-1GeC18RXcI?utm_campaign=TRN_TDL_05&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_05

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707083757924669"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: 33	4864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4864	AUDIODG.EXE
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeCreatePagefilePrivilege	1992	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2384	1992	chrome.exe	72
PID 1992 wrote to memory of 2384	1992	chrome.exe	72
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1352	1992	chrome.exe	74
PID 1992 wrote to memory of 1376	1992	chrome.exe	75
PID 1992 wrote to memory of 1376	1992	chrome.exe	75
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76
PID 1992 wrote to memory of 4380	1992	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://we.tl/t-1GeC18RXcI?utm_campaign=TRN_TDL_05&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_05
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe2c19758,0x7ffbe2c19768,0x7ffbe2c19778
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2012 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4732 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4944 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2836 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5644 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4964 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4952 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4892 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6696 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6772 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4940 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2236 --field-trial-handle=1856,i,2039768182684923295,13046251989019416656,131072 /prefetch:1
  2⤵
  PID:600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
271247db95f8ad340e55f0cb16213259

SHA1
23c54627fc7e765e3141325d09b35c3809c5eaa1

SHA256
e439130931d8cc50dda328bb2fb8244adcdb7ec6c27396467c16e3b84dd1ce42

SHA512
943f98b6b2e9e0590c728361e13bb9d12d90577f2fc3727bd66da725ef1b6dea95e80e94504a2d61f68927ce69a9a359279f4e9f436fa72115802b8a8032b75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c815376af6788f65909761191e9e1278

SHA1
275e7973857df6a3172d318694273647798ad016

SHA256
1b7eb004094fe046adc3e29b538db27d8ee43ed72324849a0341f557372453d6

SHA512
8e058138ce7359ce486ea9940fe6828db0b22b85eb158b8477517aebb38bc9d80fff5a61856c90f8b2b7c7f61e7cba5281f923e99516b1dea5bd8a15167b3cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
63b61ec32795d8d40cb61b2ec90c695c

SHA1
3e42e2aafdf722ae2dd5a4e04efd58c279969dde

SHA256
823700381df33b54b21378a9043b480eed7a1f31220c22951a7d2649c781abb5

SHA512
60edd6d979731e0558152e83c7e21d89bff622e833d6d9b9246c6b6be63ae10a34fd44195e57b94c5c83292a9bb2a2b68b196d0766b7c424cf75eafe716c845d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\be23612a-25e7-479e-b512-7a3ba5b329ea.tmp

Filesize
3KB

MD5
49243bde144d7869a0e0b663c3eb7ea1

SHA1
e8fface5a5150f8c52610bd32bfec24205976dcc

SHA256
c732fe5a65af857ff443e7bcd9ef3cd00973cf20052d1d355a87970612759222

SHA512
25c1ab80ba6e089b21e0b4f4a6569d5df46b53e24e60a58e571f6e055b9d979ee6d35b904017b091f32cb79271ab03297ef4663c9535ab623a85a323ce3a3065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7387cda920cbcc24672c1604bfee4efa

SHA1
d5ea8f1f28f89a8cf1e59552480303d192a2e178

SHA256
99195484264d4ecd0763e4d1b06019e4dd65d371c2b950f4d393e60e8d7749e9

SHA512
f0ed895c95adf391eead61b0e42f9eec91d38ba5ac66e3ae58e3ed350beedb882f4f1991d8d68e137b6d2a0bd74c80931ba8b62bb0220aad55db7a66746e6a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d13a91be6ed748c3f194b8ec2b3900f

SHA1
424ab2426fb1e944bbadbf27205d4f75e458af0c

SHA256
641f82a94f72325cc46711a6cdf69464d152a048e4c7e9c14a408ddedc18017f

SHA512
0468f850f4a274103822daf8d25aefaf14e4b92b1d7706591e2391efd9c9d0c0993aa77bf9d66d714e57b6fb6610f701bf00aeb03f34551b4676aa80ff162755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2839a96f926acadb5bb54d3672b47aa8

SHA1
137ebca8a1b226fe9a175a6d4af45b87ec852d08

SHA256
22f7a79a2523e8b295a913119899479ebab286e984161ea8967ad7cc29de2e54

SHA512
8038acfee682ae313dd00d3efa170d6c20c1b665346e9fa849705da533b8ad6f1b9a27cf66d65b4ede82231fe6a7560d6742da9405a85fc3f5a20250be241c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7c0e8c319088661b227faec9c7e8920a

SHA1
24ca4a4562c556b3a727d3b2c5cf5cc3383dfce6

SHA256
2d7acd6044116958813edfd2186867a2d04dd2ff58bf37124ae00bdd706c12f9

SHA512
7055ef7c308850f921f6224d2df87c539c0ed1e3d7c0e07098ff359633b8ef2b0fc37ab1137ff1b455a733a3d2ceb87e5ea8dcf5436173791f0d43eb281f0df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Product requirements, Technical specifications and Data Sheet for Jessica Stahl.html

Filesize
972KB

MD5
34c82975ad13229718cec3986acf46bc

SHA1
10a3459551ad764dfc1d1b52d70ace64b97b4df9

SHA256
90affe93e19e87d69503a654fd40bfdb555806bb60645d3099fec1c175c96ffe

SHA512
f579a2d1e968595a0a43e81829e7719bb1169f5c25ba04c4bf9a6250b5d4c66491afce05151ec80b6feafcccd36d184e6d59c4f588e2fc429849486526a64ec3

Download Submit