hxxps://u47368618[.]ct[.]sendgrid[.]net/wf/open?upn=u001[.]SOdDXxF0UgsOQn23VrYo2GnShOXkJ8pwCW9mE1i3vgn1sKMxXeM1YaMnmgM-2Fj-2FmUQ7K3zAJxUEAS0u1nmb8Xb7YipaVssNQ8zRpXiCX4fLRAbpr7Ic5mO1eKmDsQSCxSRGN0k2-2F9wsAQI5SlGO3gIeNJThtb9rJ5SCY75tvZdAYMjo0sMITHO-2FW1VP0Jvq6Fw1b3E7SPPHL19M0Ueg0-2FcPgnZbI9UTtEY2OzErUtsvzG61VTPfowYd-2BzAamUFSGXtVn-2FLLGG4-2Bf5QHRcOyKzLgAjFPNYzG21-2Fqs1wMzewCORymn-2BUOI4XFDt5HUNrbgw83T6G7YxEFDfY1Xfe1rjI6SqZsobZtlmlRc8Ut-2F-2B2Om-2BNYLUGVRxeJeBPNP6yQoSwRRQM6pIrEnGBXajtm4RB8Omo5y6Ql1Px2RKMqWhir2QlBK4deoWl8CV0luL2cwrrYKw7VQlk3mfoaF0BSRwm7PXsdfq7Uaw5q-2FMxtyZZXkSOgnvXRrx4-2BiNCMk1CipI9FUnLnb8FueZu8bPbnAE1AZtejAV0icboYCESUqHM-2Fdua4jgCEVlL70Hf0lP0-2Bk2lO7TPsUFYD4xGB6vSNQN-2FF307xbgPjh03kl-2BeKnUFppFQ1AzoE8ZsN-2BzSXo4do4EmJ6qfRMxH4mLAg0XQSWN-2FrDmp7dALod-2F2hnW6FqsgPko-2FNweYTj0kE1-2Fjxgqg9lTRN2rq0jtJEugDTvzwFVl17t6pQY7JRAvYDRn48w3oqGj9W19N8uO6z1J-2Fcfl-2BaMlZDnhkDB8qg8r0lTi-2Bi-2BNUlhSfBEtWGP4OccYDLuXkfIPRuIMfvwR90vO3vpZeyAKbiiE-2F9SFv-2B4M2f9bLfonarqPhOMugLfvVO7a9LgYulZcQw4KpZcBong84K5T6-2Bgt5lH2WPaG52cFuaUUfAx48SwrrqPb-2BnU322qEH3tYPLs-3D

Analysis

max time kernel
299s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u47368618.ct.sendgrid.net/wf/open?upn=u001.SOdDXxF0UgsOQn23VrYo2GnShOXkJ8pwCW9mE1i3vgn1sKMxXeM1YaMnmgM-2Fj-2FmUQ7K3zAJxUEAS0u1nmb8Xb7YipaVssNQ8zRpXiCX4fLRAbpr7Ic5mO1eKmDsQSCxSRGN0k2-2F9wsAQI5SlGO3gIeNJThtb9rJ5SCY75tvZdAYMjo0sMITHO-2FW1VP0Jvq6Fw1b3E7SPPHL19M0Ueg0-2FcPgnZbI9UTtEY2OzErUtsvzG61VTPfowYd-2BzAamUFSGXtVn-2FLLGG4-2Bf5QHRcOyKzLgAjFPNYzG21-2Fqs1wMzewCORymn-2BUOI4XFDt5HUNrbgw83T6G7YxEFDfY1Xfe1rjI6SqZsobZtlmlRc8Ut-2F-2B2Om-2BNYLUGVRxeJeBPNP6yQoSwRRQM6pIrEnGBXajtm4RB8Omo5y6Ql1Px2RKMqWhir2QlBK4deoWl8CV0luL2cwrrYKw7VQlk3mfoaF0BSRwm7PXsdfq7Uaw5q-2FMxtyZZXkSOgnvXRrx4-2BiNCMk1CipI9FUnLnb8FueZu8bPbnAE1AZtejAV0icboYCESUqHM-2Fdua4jgCEVlL70Hf0lP0-2Bk2lO7TPsUFYD4xGB6vSNQN-2FF307xbgPjh03kl-2BeKnUFppFQ1AzoE8ZsN-2BzSXo4do4EmJ6qfRMxH4mLAg0XQSWN-2FrDmp7dALod-2F2hnW6FqsgPko-2FNweYTj0kE1-2Fjxgqg9lTRN2rq0jtJEugDTvzwFVl17t6pQY7JRAvYDRn48w3oqGj9W19N8uO6z1J-2Fcfl-2BaMlZDnhkDB8qg8r0lTi-2Bi-2BNUlhSfBEtWGP4OccYDLuXkfIPRuIMfvwR90vO3vpZeyAKbiiE-2F9SFv-2B4M2f9bLfonarqPhOMugLfvVO7a9LgYulZcQw4KpZcBong84K5T6-2Bgt5lH2WPaG52cFuaUUfAx48SwrrqPb-2BnU322qEH3tYPLs-3D

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724527092410717"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 3468	1828	chrome.exe	82
PID 1828 wrote to memory of 3468	1828	chrome.exe	82
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 2972	1828	chrome.exe	83
PID 1828 wrote to memory of 3336	1828	chrome.exe	84
PID 1828 wrote to memory of 3336	1828	chrome.exe	84
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85
PID 1828 wrote to memory of 4152	1828	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u47368618.ct.sendgrid.net/wf/open?upn=u001.SOdDXxF0UgsOQn23VrYo2GnShOXkJ8pwCW9mE1i3vgn1sKMxXeM1YaMnmgM-2Fj-2FmUQ7K3zAJxUEAS0u1nmb8Xb7YipaVssNQ8zRpXiCX4fLRAbpr7Ic5mO1eKmDsQSCxSRGN0k2-2F9wsAQI5SlGO3gIeNJThtb9rJ5SCY75tvZdAYMjo0sMITHO-2FW1VP0Jvq6Fw1b3E7SPPHL19M0Ueg0-2FcPgnZbI9UTtEY2OzErUtsvzG61VTPfowYd-2BzAamUFSGXtVn-2FLLGG4-2Bf5QHRcOyKzLgAjFPNYzG21-2Fqs1wMzewCORymn-2BUOI4XFDt5HUNrbgw83T6G7YxEFDfY1Xfe1rjI6SqZsobZtlmlRc8Ut-2F-2B2Om-2BNYLUGVRxeJeBPNP6yQoSwRRQM6pIrEnGBXajtm4RB8Omo5y6Ql1Px2RKMqWhir2QlBK4deoWl8CV0luL2cwrrYKw7VQlk3mfoaF0BSRwm7PXsdfq7Uaw5q-2FMxtyZZXkSOgnvXRrx4-2BiNCMk1CipI9FUnLnb8FueZu8bPbnAE1AZtejAV0icboYCESUqHM-2Fdua4jgCEVlL70Hf0lP0-2Bk2lO7TPsUFYD4xGB6vSNQN-2FF307xbgPjh03kl-2BeKnUFppFQ1AzoE8ZsN-2BzSXo4do4EmJ6qfRMxH4mLAg0XQSWN-2FrDmp7dALod-2F2hnW6FqsgPko-2FNweYTj0kE1-2Fjxgqg9lTRN2rq0jtJEugDTvzwFVl17t6pQY7JRAvYDRn48w3oqGj9W19N8uO6z1J-2Fcfl-2BaMlZDnhkDB8qg8r0lTi-2Bi-2BNUlhSfBEtWGP4OccYDLuXkfIPRuIMfvwR90vO3vpZeyAKbiiE-2F9SFv-2B4M2f9bLfonarqPhOMugLfvVO7a9LgYulZcQw4KpZcBong84K5T6-2Bgt5lH2WPaG52cFuaUUfAx48SwrrqPb-2BnU322qEH3tYPLs-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4728cc40,0x7ffd4728cc4c,0x7ffd4728cc58
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4752,i,16647240398258578769,17274263817917082486,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\15f20459-dab6-4da2-a5aa-1d0366346994.tmp

Filesize
9KB

MD5
4811d50dcb365b503dedcb3396960a2e

SHA1
e9452bb328df55baee98784606f707f42ac499fe

SHA256
0f6d4ef505f8c06da499e31e66351088aeb9fdee46172e4adc0a2e62fd6e2bf7

SHA512
3e16e7028a93ce074281dc348c98297f19881d1fabdffba5a1473a2fd2207fa9e515128153135b2bf441f529240592797c4e180bbae4cb09e3f908bb76fac704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ff894bf57487f25f3820e23e57daf0c4

SHA1
f92a1967abbb4a20ba1a1b60c8997e1a172a0f9c

SHA256
4ffd9d9111825a7fe869c4261999fb24a442a44bc3f4d820d432edb6d4e65b4b

SHA512
b2e7d36e70de2e23b71190f27a3caf37262654a5278a1f00bfce1b52211f44594570e1ad204a2b56eeeb350f7eb6dd062c8b7bef88c10b9fe98a527e7e8b4148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
961B

MD5
2540333f73002b034540f82813f987ad

SHA1
7f3bbbaf3797fff420e22f2e00589129eeb9b680

SHA256
8b2f545038d9e0303813e926c6356c0eeaef3d06226eea430eff94f40799b218

SHA512
85fdd8c7f3c9c5674859187f5e8265ddd122d576273da67e92a9adb9fb19424e01603162416cd1e286bc74909ed2cf6eae65db4fd735bd6a3f36cb73e5377b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef79c1467a9cfb877689bde59efa3c11

SHA1
94ac2db3fe4d310b3706cc53c026862330fe8387

SHA256
dad1a182955d0abbca8f5e7d181c9bc4f01e0df4696baccd4891190b401eab01

SHA512
e63ad7ce29247dbce3a296ffe8b77acda3f4ec7ff2a738bdeced1ebd9fa7868b92c365c98f015d676a500c7df1fbedde99e0df76ddebd87e55f06aa4d3e8b37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5eec66292c4bb868788241c2ef4940cc

SHA1
36377f8466bbddbc85e71de5db5d168a682ca3d8

SHA256
5961551da162ba3790dee08f7e6d5bf1bd4158b203b93047563e84877026429a

SHA512
299f92f5fe9a0916466b1e7dbf187958ae6e6ee56d09e29892dfc2eaeea2e5a72848a123817c970bff4c5ab46220430f5bb7fa1d63a984eb9f470b0b4a401eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d174f2376ebd8b8a467ff450f9e356a9

SHA1
5b258c5f96116040a25d5fd8b33b4b03d44a9241

SHA256
fa94957401f27ab030229e724fa393ee515f79cbda23f5f15e1deb73d56d2ed1

SHA512
6003c60b37c5d13ab9b67f107a729727b55488128304751941147d9645da0c9bb7a065f6defedcac49a4f25a75958712c5fae60d03a150eddac18259d4f3a7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
334cb5e69a492d89035be722376b56ec

SHA1
c4dbcf2e99c98058f5199505cce4eff5b4d8afc6

SHA256
d33563e26dad52f30b09c8cbfb6435380e36eb5f88cb0dd23bb141c1321fc044

SHA512
f24dff7bf23c5334c5e6ec299837bc2e32d71b1aacfd592cb7d7374f0bfcd20c3401a32f13c196e96c55aacbca0d615c3be71206794b6ffa6033853406d88df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c7157d05827af3ed027a89fe297d498

SHA1
af745f45d092f3377383c03421cd38e65711a5aa

SHA256
06bef714370c82d6f95d50a354257a7e031efa3be5cc29fc1b9b7d8a870bf004

SHA512
0590e23b32f80fffc608ee14db049c7d803ce501aee4749c2453d54c5ec196732858ec3a96788ebf3f77a2c4badbe354d1154ef1ced89447faa310a49814fa32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6fb4ee8a09589a1d5030e860ea9c153

SHA1
e4e8c33ebca3977e46fc087bf70ce072bde88a57

SHA256
5814f2ba4476ea6e4276824f8c8488b73fb2aa9bc16af17fa990389a7d160308

SHA512
e1dcc085b345eac12a42f9c14a3d546ee8e7b7bfdaf02b5d91d7ea38c2f9008358e55013a39365e3bb3ba3115823b392dd5560c9d7057b90143e8b1b93db3d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4776c7bd1d0c812081d2e2314a348890

SHA1
34226735b90e492a6561cf5ef15414d89d1ed7d8

SHA256
986b7e607ba7c0c3aa9cc55d043c26b5ead5129f37fc73a6cc28a55979135a4a

SHA512
4b750ac10025054c1f0ca2d062aa734d4dc1ae283eabbef368bd79ce05e992fe4701fd29e569c02f741af429de9c76f36f5b6f05b5cb0aa9faaadf8d86b316ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f76b042b580246521059ae4cfd418c2a

SHA1
d74b10f4014452c02b293646c832f885728c41ce

SHA256
11f6b7843fcec892a4ef407092b6496da831e388bafabddfe205372444909ccd

SHA512
2e89ebe558cfd261f799f1b7f9ee0eec757362abe1dc94cb4d03e0f0bf3755d234526a8e3b45c3e1dfb9c50d6d6a473558173c86647347c49e144b6738f03680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4db8622c1df5c5be40fbb9ef97dfa5f4

SHA1
e83ae3e291c71c4141860d0a7a4b3d5a205ec3c7

SHA256
1ed1481d3b7327542378ed4431a42d85322e2debdfe6baf2fad3b27f0f15742c

SHA512
d909c7f5909faad8c1b90929df3778731456929c08955cd429e91328a6a01ba8d48e0f6e4c2e0f036a4b02e5b2fb93adac761edbf015b6e253a50952a351a7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8e983083f55829cf6b5af3e8adf802b

SHA1
452bacf0c3dfba257b4ea2fd9bf1ae2801d5ac77

SHA256
43fc9672d9fe9e6a1220f9cbefa378042f2c030f6d0f7150f66b14ef8b3b700c

SHA512
a8368c427d5919376eda1ed839cdab6607bcc2e07d29d3ae3d9cfb89e20b9e5f41df9384795a484e828922068b432cf5a3c95aadc3b8f2dece638fd79246cde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05bd9ad1193227e3e4dd00313180305e

SHA1
e759e90e955d7eadfae4a64887ce759898d46054

SHA256
ce75139ee00b3cdac6abdab1502114b9a5aed5a433a1b81a1100b7cad8d5b887

SHA512
81190c958281a9130e395518410009e65eb83a05c461ef103a54dbe26db9b1f528b3f54a371e4511dfff9f7bd8e8cf893b795d417e4956a3c984fe568ceefd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
704b36b66a762a176e0ae899a76f3658

SHA1
d90f5a449c5211130a2666f2336f260f3572ec49

SHA256
5f4b23b276f5897fb9900cef76ae8f823346c3ab533fecc6e65455074384ac32

SHA512
c7703c3219e706b84e35c44fe35412ca8cb99ba48e7920fdffb4e1e25cd27a8f2c893acc5f9c947ea6bd03eab45323ce952e37968fb58ef97c38daf5c3cfeb08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b53d76a0912bc4055112f7acb536a768

SHA1
f555faf22bb854425fddb6cf50a3b780507f230e

SHA256
c2754ed0bab582440fdb3650dda8c43e4a3cc2e8fe9c2a4912570edc1a19f90f

SHA512
ad04ad2f9a9534d1e990f66378e0b8cf968ae04cd07f85b8ad7d5c8f25a9645b87ba1b938064cf026b83b85bc7f63819015a4df8c2663b71979bc3f420f9984f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f0d7427d69aa6cf35d43a85f6fb7ecc1

SHA1
5098a9e9584ca5086e655d531331e685002eb316

SHA256
1d0f774455fde2f7e398029dc1298f88f4ca457d8fb40ac68eb7dbdf47692e8a

SHA512
16a76081e74e58dabd4f2aad5687fb49d6a47cbaf9d08044c7a1e166e9965490a4a76cdf18b4e33af81b9664f15c602aadb45620a20fa0b946535ed10e484d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a0eb86069661d2149f41cbdfb3ac352c

SHA1
dd84233e8f70edad39485d8466472c9066961bdf

SHA256
7afac41928ed6aad801d91febe9e0adae135b18683781cda5a337c0bbb1f8c95

SHA512
2b80bb9b77117817b0371133c71745794d12ce19e073f28173160807e6e93b56f8c6fcf00c21490ee6ccaf359831c181c712d0271982b2add03967f321779d6e

Download Submit