hxxps://www[.]bing[.]com/api/v1/mediation/tracking?adUnit=11730601&auId=2f5ec8f5-fa94-4452-a61c-9855f1730101&bidId=15000&bidderId=4&cmExpId=LV3&impId=8a3239de-a602-f918-4df5-4c15641e8473&oAdUnit=0&publisherId=160344049&rId=0ce1fe64-6ed8-4cb5-b580-ae22ff82d74a&rlink=https%3A%2F%2Fwww[.]bing[.]com%2Faclick%3Fld%3De81PYveJqt9GLyr3o4SqkKDzVUCUxbdtGJv4uFqGu5APbwQINKC32Or92xJ62LYEZ3HMaGhe0CsfhMWJVaqsaGPKTwjDFJ47vvEZ3EVSRSqmMwOf77r5qwP-183KBearyKHoZ3O_ShLSedkL7Q_IvuFAgDYO1jrr0vL4nyzgS4NYVsmLWWTZ4aoa5Dem5ySXO6uY2yQg%26u%3DaHR0cHMlM2ElMmYlMmZhZC5kb3VibGVjbGljay5uZXQlMmZkZG0lMmZ0cmFja2NsayUyZk41NzI2MDguNDEzMzU5OE1JQ1JPU09GVEFEUyUyZkIzMjc2NjU1NS40MDY4MTE5MTElM2JkY190cmtfYWlkJTNkNTk4OTM3MjQ3JTNiZGNfdHJrX2NpZCUzZDIyNDM4Mjc5NiUzYmRjX2xhdCUzZCUzYmRjX3JkaWQlM2QlM2J0YWdfZm9yX2NoaWxkX2RpcmVjdGVkX3RyZWF0bWVudCUzZCUzYnRmdWElM2QlM2JnZHByJTNkJTI0JTdiR0RQUiU3ZCUzYmdkcHJfY29uc2VudCUzZCUyNCU3YkdEUFJfQ09OU0VOVF83NTUlN2QlM2JsdGQlM2QlM2JkY190ZHYlM2QxJTNmbXNjbGtpZCUzZGQ3ZGMzZGM1MGQ2ZjE5YzU1MWYzNWFmZGI2NzNiYzFh%26rlid%3Dd7dc3dc50d6f19c551f35afdb673bc1a&rtype=targetURL&tagId=monarch_focusedinbox&trafficGroup=bhgybbx_qrfxgbc_jro_ego&trafficSubGroup=zzf%3Abhgybbx_qrfxgbc_jro_ego_gvrq-pbageby

Analysis

max time kernel
299s
max time network
268s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/api/v1/mediation/tracking?adUnit=11730601&auId=2f5ec8f5-fa94-4452-a61c-9855f1730101&bidId=15000&bidderId=4&cmExpId=LV3&impId=8a3239de-a602-f918-4df5-4c15641e8473&oAdUnit=0&publisherId=160344049&rId=0ce1fe64-6ed8-4cb5-b580-ae22ff82d74a&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81PYveJqt9GLyr3o4SqkKDzVUCUxbdtGJv4uFqGu5APbwQINKC32Or92xJ62LYEZ3HMaGhe0CsfhMWJVaqsaGPKTwjDFJ47vvEZ3EVSRSqmMwOf77r5qwP-183KBearyKHoZ3O_ShLSedkL7Q_IvuFAgDYO1jrr0vL4nyzgS4NYVsmLWWTZ4aoa5Dem5ySXO6uY2yQg%26u%3DaHR0cHMlM2ElMmYlMmZhZC5kb3VibGVjbGljay5uZXQlMmZkZG0lMmZ0cmFja2NsayUyZk41NzI2MDguNDEzMzU5OE1JQ1JPU09GVEFEUyUyZkIzMjc2NjU1NS40MDY4MTE5MTElM2JkY190cmtfYWlkJTNkNTk4OTM3MjQ3JTNiZGNfdHJrX2NpZCUzZDIyNDM4Mjc5NiUzYmRjX2xhdCUzZCUzYmRjX3JkaWQlM2QlM2J0YWdfZm9yX2NoaWxkX2RpcmVjdGVkX3RyZWF0bWVudCUzZCUzYnRmdWElM2QlM2JnZHByJTNkJTI0JTdiR0RQUiU3ZCUzYmdkcHJfY29uc2VudCUzZCUyNCU3YkdEUFJfQ09OU0VOVF83NTUlN2QlM2JsdGQlM2QlM2JkY190ZHYlM2QxJTNmbXNjbGtpZCUzZGQ3ZGMzZGM1MGQ2ZjE5YzU1MWYzNWFmZGI2NzNiYzFh%26rlid%3Dd7dc3dc50d6f19c551f35afdb673bc1a&rtype=targetURL&tagId=monarch_focusedinbox&trafficGroup=bhgybbx_qrfxgbc_jro_ego&trafficSubGroup=zzf%3Abhgybbx_qrfxgbc_jro_ego_gvrq-pbageby

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762448360709550"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 5064	4828	chrome.exe	83
PID 4828 wrote to memory of 5064	4828	chrome.exe	83
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 816	4828	chrome.exe	84
PID 4828 wrote to memory of 1564	4828	chrome.exe	85
PID 4828 wrote to memory of 1564	4828	chrome.exe	85
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86
PID 4828 wrote to memory of 4856	4828	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bing.com/api/v1/mediation/tracking?adUnit=11730601&auId=2f5ec8f5-fa94-4452-a61c-9855f1730101&bidId=15000&bidderId=4&cmExpId=LV3&impId=8a3239de-a602-f918-4df5-4c15641e8473&oAdUnit=0&publisherId=160344049&rId=0ce1fe64-6ed8-4cb5-b580-ae22ff82d74a&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81PYveJqt9GLyr3o4SqkKDzVUCUxbdtGJv4uFqGu5APbwQINKC32Or92xJ62LYEZ3HMaGhe0CsfhMWJVaqsaGPKTwjDFJ47vvEZ3EVSRSqmMwOf77r5qwP-183KBearyKHoZ3O_ShLSedkL7Q_IvuFAgDYO1jrr0vL4nyzgS4NYVsmLWWTZ4aoa5Dem5ySXO6uY2yQg%26u%3DaHR0cHMlM2ElMmYlMmZhZC5kb3VibGVjbGljay5uZXQlMmZkZG0lMmZ0cmFja2NsayUyZk41NzI2MDguNDEzMzU5OE1JQ1JPU09GVEFEUyUyZkIzMjc2NjU1NS40MDY4MTE5MTElM2JkY190cmtfYWlkJTNkNTk4OTM3MjQ3JTNiZGNfdHJrX2NpZCUzZDIyNDM4Mjc5NiUzYmRjX2xhdCUzZCUzYmRjX3JkaWQlM2QlM2J0YWdfZm9yX2NoaWxkX2RpcmVjdGVkX3RyZWF0bWVudCUzZCUzYnRmdWElM2QlM2JnZHByJTNkJTI0JTdiR0RQUiU3ZCUzYmdkcHJfY29uc2VudCUzZCUyNCU3YkdEUFJfQ09OU0VOVF83NTUlN2QlM2JsdGQlM2QlM2JkY190ZHYlM2QxJTNmbXNjbGtpZCUzZGQ3ZGMzZGM1MGQ2ZjE5YzU1MWYzNWFmZGI2NzNiYzFh%26rlid%3Dd7dc3dc50d6f19c551f35afdb673bc1a&rtype=targetURL&tagId=monarch_focusedinbox&trafficGroup=bhgybbx_qrfxgbc_jro_ego&trafficSubGroup=zzf%3Abhgybbx_qrfxgbc_jro_ego_gvrq-pbageby
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7fff7fd5cc40,0x7fff7fd5cc4c,0x7fff7fd5cc58
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4888,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5040,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4776,i,17044742324606434555,7913706517832705654,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
68303e2bb14ff68f38a762b4b6e90640

SHA1
e879b2d2d6db20fe409e411ea5f981a2c6eef292

SHA256
25db9319dcb6f7ba0a2a1de47a4a9539b22aaa4394a5ebad43adbf3344891d9a

SHA512
1e1f533fcca493439436e6ecbfb190bcec57c525337bbe7d4ec074342666f061934fecf64d68d1bea9738316dd2fdabdbd25cdcb5547baf029b3c8358d32f9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
348f67644adfb4f1ccc4ba5af366dc44

SHA1
a31d7e2c8da64736ab9d0cf29145542b95d6422f

SHA256
173516685cbdac8be950aedccb10e06b4136d0dec3d91e0f538d4a9b3d1c1f54

SHA512
cd9bd5398b20664c9f689f1017f278ca14cdf489826bacb0c57085a24da18d03e3867ae4926771f4c0cbd10a4af4b906eba1cefc0cb8c66e86cc632d52b914a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cff5832f1871956dfa725dba0d8a8331

SHA1
91b3a850e693415cb9b55cdad6a1b1a235a615b8

SHA256
5ec1332af521c38eae5bc56730febc2ce61b3f86c9b2703c80b2b379b11afc53

SHA512
0e187ab754da5dabcc06eb51a8a9c0b42ed0fd9c24b365d01f9193d1bc2b3a91229ba180d9c5aa0dc484425cb5b7ec89f4197e2ae05032e1d3329b621adfc085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b54b2ca2c9327b036b00966e3356945d

SHA1
e024cdf0a6ec195b1622edac5a935f4dcc8d079a

SHA256
78a5a56074fb65dee58f4e3d8f5fa830645306d324630b3d5eaaf6d818658312

SHA512
1e32573befc804cf827684c2423e7ed5906faaa1acd6c297c6a1fa8f0376359d5b037224b4f1f97e796e6071f3ccc8fdf8843081726a9a4a922e38e32c37a23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
85042082f792c315d93c015174b26834

SHA1
f5fb302d8ba5088d27b22837bbf50ed5638a6604

SHA256
ce73a40da2b9aaa7981852f8b370565ce6f260878a549dbc33944881b813fa02

SHA512
26772a0ea5c1b147f0a959e273ca6a33caccf811dcc21aaabc4faf533ba70d3d3283d55f5aebb598e89d0e381e2ffee3be41582bcd4926cadd387ad939b445c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6ba9e35b9e539c5864b7097a092a257

SHA1
f4b36d13078c30e6abb2bc3a399f9e072d459afa

SHA256
ca60c3e62090cacba0c8d9b75f37b1a2cf8b62127c3355d95ba4bf9e9f6c6870

SHA512
3932dfa5abd55335a7925e9342e82247377a0566ed5b686805356ccbd3b3628d4653f882d82f49d3d5e0f1a2eaaa1cf317c5f47c0a5fdd336af5b0dd422a2eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3af8e562293f2a7f48bc6e1320f156ef

SHA1
860768fc9f96f816e740eb96cd487aeef44c922b

SHA256
f2c1541d1760dbd0bb9798e63ccc0fb75070342fd225e7ca952f5562c34f4e4e

SHA512
e4df8fb1781c529c8c2fff790ae304aa2b2489f8005dd244b284e741124d4a4a8d39180cc6478132a729a36aacad78afe81767f80a8fb38b7cf6f13271a04beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08c0d1c2851640315d94887c879cf34f

SHA1
b98f107241f83500140ac3f92ae456c46e1862a8

SHA256
62c5519b61335482d5604e7b864a61d657e6b887deab1c41464c7e8359428b52

SHA512
51e227072f9a3d9f64967fb3acc6d88649e76243e9660852da6c1b8943edde770a900ccdba11bb63705ea9d6c8f1a7d2a5cfc3321407c9dc184e1018460b2664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b768f238061e4f77fb537b1ff851c3b

SHA1
8a40e359bd35709f8f2e2f50f97f4f25b76d2a95

SHA256
497fa64a4e30275998e4ce1e327b8910c972024d33daf68168b71afa0a154235

SHA512
61c56a25a5c217391ff6479eca588c891a3e8faec304260ca5c11fc61d65a82c6b9dda0a218be3379c89d3f7457d46aa27c660c7db5c630d3f92c0238a091c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a49b000c54e9b4012079c511bf69e6d

SHA1
116c59814d524063bfa3d3fb685197f5508b2282

SHA256
d2df351070d1d168fd18d4de17bee9670bd0fa011432cf8657b78c220d30ef4e

SHA512
774bf471f918e00e3476b443bc10b2913ffeb3ac52f72d8630382dae54cd8b5f64af6ae5a6ec2ca66c4c80601253489f491adfaf964fe891362e9bf12bac4196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2792c732dfa7aff02088b7e2e610011c

SHA1
d8520130b48e666fb1ba57d7a830db4050bf4a98

SHA256
4ebe462cb46b09ba4a2deb5ad9f3f1205c1f75edcb766235dc437d05aab1e760

SHA512
c21f1aaa9a6502f873a39a0ce46a8af92bb051f88c94a146ff0d40d08d7e2fca82d5e9b7f5d8afd011b433ca967bc59cd4719a35c9de9c24f694cb5a495978d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cbf506d9262517be0ecb95ae3a94504

SHA1
fc3e06e013bd61cbb2c0dbf772bf9a7ea4f92cea

SHA256
b388f16e54f930f8402d269bf1531bd798cc61e41ce34ef643cf883cae0380bb

SHA512
c7dd23f5d37f96c6783679bfe4dec2a0bae5ff22ccecc7e73c0df83b14eece9825fe856d951db044fe559f2d859924ca442bc70fd1bd514bd0cd2d7044512726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca5004a8a5f267a979f789b1d54717f0

SHA1
fb1c9f51ac6f5b3b6073040d685cc0db47068adf

SHA256
54e780e6b572f8f84d298cf1ac2fc33a43f4f0ed1a10c306a27b828a08770a97

SHA512
9413b06cded11bfcf0e87a1059e0a6d7112af87cf4a2a79224f6fd8b89055fed18bcbfb7311cafac0a880192c1c3e92803a9308c14a7dbd4821db3e11cbb41e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcc13586a468b93ce020cc9297e85e2f

SHA1
0201ad861bd394690665cb705c8ee64130fe79af

SHA256
73d5ac2c8f6a8735215b127f5f866589e4e6c0f0bb0969497f0b660fe2e8ffc5

SHA512
972e92726b8712147a56081cde1235230de6b5b8f6ba4a9dfbf17f7ea2e5c494165b1c4ed9e8293688500f7840706892c1bc43fb4453304f5c3f2c8404a9ea19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06a4df88cd818c508d4d5c0c8c7e7e7c

SHA1
027e276868971d6783863e96c6582537c92f13b5

SHA256
9560ae5758229a239779dc35630073a7784fde985b8089113f513cf4cc1e5a09

SHA512
074fb4d936a055a3ea7779daff88e24c6b4de4a4b7964b5644e30f74f30c7958ad03a7c4212819cb968e122da48b867cdc51057b7f57d783b56ef9486b18cc01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cdca463af28e5e7571121c622a54745

SHA1
65fafb569763c7759a66d4c0464732f2eff69110

SHA256
44e07adb8c4cadc5ff91867cbb85945356eb9190a433337308086b1dac03dcfc

SHA512
352889c6f0049cd6b841dd45dded900c0c558414896664bec00e6496c512512a4e89c47ab6e14836437e02e571822fdf2c85843c68207922e9c2fc218fdb740d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c580906710e6d5e0f58325d27b0277a2

SHA1
952a9ae8609c8732171b385a9efa9666ef6b61df

SHA256
eaf06cfec5b0e85384ced637d3247d5504cfb11923a1f8bdb3e26acf06cd72ea

SHA512
89bc6bcb8ba341fce4209e1afd6a3f811447979ce4f1cd0b54a20f4d20b1e65636e2bc080a7a035f99c6985e9982072385f3fb410533d93fcfcd4d8260351c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a8e02123ae09a2c8a0c5b9089506185

SHA1
5beb68580c48fa98305ebeee47fe4304f210c4e1

SHA256
c12695f5e07268e8dc113ce2204497e3e279378a2a01882da3a4cb6aa177cdc1

SHA512
dd6c76ba616ecd570836c7148a80324c01ac558ae3ff4873e144cd44fc8a2af2a9edc0b7823d6633143692e79399ee7e5031fc3199909f2767a6f114a8cbd983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db18c2d470b5ef54a11466a57471e9fe

SHA1
7475538196e9500e0539bc69ebd70702c023d038

SHA256
4d128a4640d4186f03277dc892146635eab981cc222874361f3b9a36e569ca77

SHA512
21438ddc78b3d9e1457d097795d2cd5d807c8c5b612ff097db24d1c1786cdeb7e87899915e0419b8d9b39ca2a9344d0d921695c1b2af2eb5929be66ad929dbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87d2fe7911d7c20b4bca56eff9010748

SHA1
fe5ff82e77ee48f236a113dc5f189aa2851a63f8

SHA256
927bca4f014a57a28ae3cb627cb8e55482a28e4f5f2e36d6b66f6c31525d88c9

SHA512
4d498c9597f27143056b84cead0dd9c4a53db21051f646f2c0604ab383094fc7ccb9c0167bedfc33d9cee58922400495e8733dd7228add2101fccd7444bc08a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de1fd364a5277aa4cc069d9b9caf10a6

SHA1
25868e10cc0c4a38da4f30b61415153a50967a7a

SHA256
a1bb75f3121301eb7f96de2a890f0a8702d75d098a8644b9b88d6892afe30817

SHA512
299b71d87cbf09f9f7ab0c5e9c5c35600d3c97e0e789ac903c71849262f02935f2fdbf977d75672e2acfa8fb3f112163baa54da6614ad55a33ce774ed2a0e07e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1beba069e2f6381513325d1380000c8e

SHA1
32303c4afdbb40f2b70948f5e58ec4c964b5286f

SHA256
4dc0e91106d25658e54c0187580f69cbf3568bf69b3bab6ed0b6c2d3ae4b7f52

SHA512
d8aecef6903760f888e195210bfaba302200d5a1dce8d45fbfbf889902a836ecf2f67b274b35d4149e68c7a864463a6a473c7096d204fb497893509d49cc5285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c900acf0c141e734fcac55375a706b6a

SHA1
02ea9ea9a470c0228e5cfa69fc9c73901370313f

SHA256
6429bce7acb4db6cfb72324269b304586b8ba23c6b146d17b811e695b2151a30

SHA512
35feaaa87504181804e6d2986948912c02780ac17df1f7e3bba150f6877d43731ec3c9d68753c3c1626d76495f786a1fdd26887018c700fb9d4d8538cd4ff4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3846351d73d56a83880816d1d3f3c87

SHA1
829fdc975fe819b685a4f44b1dd57d127c456c64

SHA256
602421c4ef642cc3e7582aeda8aeb9e47fc99c2d213cce77880c547f3b752526

SHA512
a36ad21ee0fb4e4c376d3d7dabe1d1e57bf02bd09d670e68b1d6cb65841b8a2dd9fae2cd2559ad09556cd18e2b7e81bad852f9be9f506a2a367f163d91f81636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33ece6c687226687ded8e91394391707

SHA1
9f914bdacb30ad7a815546c49603236e5b689e80

SHA256
56388dd0303bf5f5a38f65963510d7b2502c5c19414912634ed7dfec75863eca

SHA512
765695bdfe171a3e7e374d043fb890acc7fcd330e64faea50110abad637a372a66ded008ce3f314d5736a8907456bbce13e74ea6dc3473bcd711beb9cc20a8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cee9e092989dc9f054a634810d87dbc5

SHA1
4fa2d636a4defa4dce30d1e02ec612c24f9db729

SHA256
0486bf2cc158ebaa5108541edbcfb361cd01a8b2d01a091b0be905e01e6036c2

SHA512
bec18b9363285152b4234d337e8681d54c85b9da7dc696423d0eadb5f756de9117fbf9b77dbbc19d872b8e4834d7c50e8800c0ff7a77cdcef51f78b790df8c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e17d2357f16663d21eb81805f25974b8

SHA1
78a3deefa53c5b7bae52164733c3895c45664930

SHA256
2539167b191ca5729d52e23d132b055fa30a9ff53c1a1027dc092754209bd5a3

SHA512
e58dcc427112555a22dd848a0d5969ee18e7028534a16038fcf09b27aaaab76d7c68212f584860b85ddca553cd22de68c70b677d7116a8a1e8d82814e3027db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
544119c7bfa85346d2f0750b9f9d8208

SHA1
87f7cbaef851aba312cc74d30000a6839209e160

SHA256
8146438f10400d70ef1668524b3f9b18bb8d341b879bd9dadb05577ac6c02e40

SHA512
0c8f3cb8973212d52ba5cac6eae50ccc70c4945742436d426c66274d59befbee5f4f9e9b9b17403081ce90e4f47259636b582df58edc1254714a79f2343e6b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9ee1a3f00270e78b7c641d900d366e26

SHA1
e8cc1feef908d30834145f7a3703e07addb250ea

SHA256
7dfd7257715fa61a6579c977e6efdaed182b3d0a4ac4dab7035ef1edca8541f4

SHA512
ace90c226245000233ae334afa71f6a41fdbf6a9796968d81ff852a5bbdf571238aa03168e9c46ac6fe88f44635dbd86c3eb0961d418c2065c985f5dd6f2c58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0c96913d8acce590fc9bcc6f8444ea1e

SHA1
caed1deb0549eaf113d8bc6c6d8328c1641c4621

SHA256
3616441e01626f6816014d447649f32459abcc0ac626efd20c76b18380ab5c2b

SHA512
83c2017b5773e5c86608651fe8c7cb1c76e198413588a8360e245ab7c0a251a3f1ace118284c82144823ef9e927f8d82b53dfb4eecb3805978bbee6a06c31cd9

Download Submit