hxxps://u47872178[.]ct[.]sendgrid[.]net/asm/?user_id=47872178&data=4tg0QCH-3tYeGn82dBHI_WcLQppXztAQhw51vhEzAZ9oMDAwdTAwMFmDn07dvSNlk8xnRKQBdX1WFZzANhADc_dq5Fqh6xbdc2ZXdUslKjcdO4IvbXPZaXl59mFTHkENkH15Ly3Q366cJTaWuZRqIVFkaATx0ZHpl_dF0LWzw04KRaHa3bYas6HOmXy9OMhbOwUr2cH6gzEWsp_hFrWrKbT6xbrPGQlwlhRGs3mmjCQaUecGYOBN77Kwg8oD6t9cRhtZAjW5MrhexWv39dMqmO3C0ZCng-mjxteI9JaDqDoSvP-2O9PW3LnBLaIy5TpFHvdF7MWAfKuslNHslxmjDtr9hdcpfEaaARt7oRp-qfni-jUn0K_RLzdbOd3gr66ha-2b16f_1t-goqUADp5wvA7I-qq5ImpE_MZlTbeBMvoQr11PXpfual5mLp7-jABM9l3n0rlsPSGtKQXNjxksDkYUb2dh7SxgWCNVbbSsQJTtq363RRI9Mj5wVxMz9hPbAyg3bpHIAuUWvK8wzLB8jKPW1uwnmnnWKUSMrorD4uY1v8gjEd56ThMfJDC9phqZehzYL0DYLQsXSa6vJoKaTrDGug-G31rK0LNqn-jpYOWwpLIIa7wU0NnCKb-OdJZjhnM_hYYlACf6VpDV-1POEgsAbeL-FZyp9v3Au3ZScfJ70zvKao_tOtBmqkkv2uuggFsAnFPma9dbVIEG88KscHTqQEdKClK-usy_o6sJDwOn3osKzbZdAFWdXC5HE9W8BfSvLfiohcCBA5tfa6gdpj0AOTk5ccqnpsxlv4Ui0d4IkKfV3dihFglZwP8sSnCSHAQWceuu5d5xw8u9cXHab4ZepxbC46wGZ-LU1kRwZwoiwxpOmn6jr5g3keVZcoR3XElZrZfm3udoa9uEkOpsdrCw1wsxXz4jn6vhs8XP5ORv4Ls1gjgslEUwBDjoQ8BNgOXglrmSaFo3oVJw6e6ZZbljbunz8Z7SePjWBPjKSCdl6WaUFITos7sDnsTeUicDgv7Tp_dmDA7VadCQ9bfZhasjQCbslJUGYlOv5LSE-YPQZDVDIJYtaciOaHKzJz_l34D6P6BqXaQy2Mbo2LBK_OkpZfl1qDgT

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u47872178.ct.sendgrid.net/asm/?user_id=47872178&data=4tg0QCH-3tYeGn82dBHI_WcLQppXztAQhw51vhEzAZ9oMDAwdTAwMFmDn07dvSNlk8xnRKQBdX1WFZzANhADc_dq5Fqh6xbdc2ZXdUslKjcdO4IvbXPZaXl59mFTHkENkH15Ly3Q366cJTaWuZRqIVFkaATx0ZHpl_dF0LWzw04KRaHa3bYas6HOmXy9OMhbOwUr2cH6gzEWsp_hFrWrKbT6xbrPGQlwlhRGs3mmjCQaUecGYOBN77Kwg8oD6t9cRhtZAjW5MrhexWv39dMqmO3C0ZCng-mjxteI9JaDqDoSvP-2O9PW3LnBLaIy5TpFHvdF7MWAfKuslNHslxmjDtr9hdcpfEaaARt7oRp-qfni-jUn0K_RLzdbOd3gr66ha-2b16f_1t-goqUADp5wvA7I-qq5ImpE_MZlTbeBMvoQr11PXpfual5mLp7-jABM9l3n0rlsPSGtKQXNjxksDkYUb2dh7SxgWCNVbbSsQJTtq363RRI9Mj5wVxMz9hPbAyg3bpHIAuUWvK8wzLB8jKPW1uwnmnnWKUSMrorD4uY1v8gjEd56ThMfJDC9phqZehzYL0DYLQsXSa6vJoKaTrDGug-G31rK0LNqn-jpYOWwpLIIa7wU0NnCKb-OdJZjhnM_hYYlACf6VpDV-1POEgsAbeL-FZyp9v3Au3ZScfJ70zvKao_tOtBmqkkv2uuggFsAnFPma9dbVIEG88KscHTqQEdKClK-usy_o6sJDwOn3osKzbZdAFWdXC5HE9W8BfSvLfiohcCBA5tfa6gdpj0AOTk5ccqnpsxlv4Ui0d4IkKfV3dihFglZwP8sSnCSHAQWceuu5d5xw8u9cXHab4ZepxbC46wGZ-LU1kRwZwoiwxpOmn6jr5g3keVZcoR3XElZrZfm3udoa9uEkOpsdrCw1wsxXz4jn6vhs8XP5ORv4Ls1gjgslEUwBDjoQ8BNgOXglrmSaFo3oVJw6e6ZZbljbunz8Z7SePjWBPjKSCdl6WaUFITos7sDnsTeUicDgv7Tp_dmDA7VadCQ9bfZhasjQCbslJUGYlOv5LSE-YPQZDVDIJYtaciOaHKzJz_l34D6P6BqXaQy2Mbo2LBK_OkpZfl1qDgT

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766664106324445"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 1340	4708	chrome.exe	79
PID 4708 wrote to memory of 1340	4708	chrome.exe	79
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 2204	4708	chrome.exe	80
PID 4708 wrote to memory of 4024	4708	chrome.exe	81
PID 4708 wrote to memory of 4024	4708	chrome.exe	81
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82
PID 4708 wrote to memory of 496	4708	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u47872178.ct.sendgrid.net/asm/?user_id=47872178&data=4tg0QCH-3tYeGn82dBHI_WcLQppXztAQhw51vhEzAZ9oMDAwdTAwMFmDn07dvSNlk8xnRKQBdX1WFZzANhADc_dq5Fqh6xbdc2ZXdUslKjcdO4IvbXPZaXl59mFTHkENkH15Ly3Q366cJTaWuZRqIVFkaATx0ZHpl_dF0LWzw04KRaHa3bYas6HOmXy9OMhbOwUr2cH6gzEWsp_hFrWrKbT6xbrPGQlwlhRGs3mmjCQaUecGYOBN77Kwg8oD6t9cRhtZAjW5MrhexWv39dMqmO3C0ZCng-mjxteI9JaDqDoSvP-2O9PW3LnBLaIy5TpFHvdF7MWAfKuslNHslxmjDtr9hdcpfEaaARt7oRp-qfni-jUn0K_RLzdbOd3gr66ha-2b16f_1t-goqUADp5wvA7I-qq5ImpE_MZlTbeBMvoQr11PXpfual5mLp7-jABM9l3n0rlsPSGtKQXNjxksDkYUb2dh7SxgWCNVbbSsQJTtq363RRI9Mj5wVxMz9hPbAyg3bpHIAuUWvK8wzLB8jKPW1uwnmnnWKUSMrorD4uY1v8gjEd56ThMfJDC9phqZehzYL0DYLQsXSa6vJoKaTrDGug-G31rK0LNqn-jpYOWwpLIIa7wU0NnCKb-OdJZjhnM_hYYlACf6VpDV-1POEgsAbeL-FZyp9v3Au3ZScfJ70zvKao_tOtBmqkkv2uuggFsAnFPma9dbVIEG88KscHTqQEdKClK-usy_o6sJDwOn3osKzbZdAFWdXC5HE9W8BfSvLfiohcCBA5tfa6gdpj0AOTk5ccqnpsxlv4Ui0d4IkKfV3dihFglZwP8sSnCSHAQWceuu5d5xw8u9cXHab4ZepxbC46wGZ-LU1kRwZwoiwxpOmn6jr5g3keVZcoR3XElZrZfm3udoa9uEkOpsdrCw1wsxXz4jn6vhs8XP5ORv4Ls1gjgslEUwBDjoQ8BNgOXglrmSaFo3oVJw6e6ZZbljbunz8Z7SePjWBPjKSCdl6WaUFITos7sDnsTeUicDgv7Tp_dmDA7VadCQ9bfZhasjQCbslJUGYlOv5LSE-YPQZDVDIJYtaciOaHKzJz_l34D6P6BqXaQy2Mbo2LBK_OkpZfl1qDgT
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9045cc40,0x7fff9045cc4c,0x7fff9045cc58
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4336,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,7227986221724061385,16222261288973962270,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8c440936-b4c1-40da-b707-80e1d6257488.tmp

Filesize
9KB

MD5
27880dd83646fc268778cca664dcab28

SHA1
765ca4a46b2f1e55b22adf06773367c1c8bd32e3

SHA256
c2fb9e8682cd1a388b5efa7f72358b569f09f831abc0493da17ee8d63aba0ed5

SHA512
7d9c731e4fad5fcf9809044df21809b202bf12a5818330ce066c21e3d32074dd71c4098398e5a6d0387d57424ac9029229c8175b272349ea41e9708506e2944c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0d55f22774694a9bb23874f29170bfa2

SHA1
d8a6b4318e830028da58d0f74f0141d4037f0238

SHA256
1f23db02c85e0cc2a0413c240def6ee899410a0fe1fce0b846f981948483068a

SHA512
fae6defa1fb0a06286a8c5054f41ca2f44ce5a2ed443ddb7f2304dbad3b76ddd9534f455f7c97630982d53d2db3a5f948625374adbf17b1adf50bfa730697418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
12327f63ba607fc26b8c20c32180e7aa

SHA1
4b6cda28d4ac4968bf052ad28e25deaa6f2c4879

SHA256
03f70b7a04779a5b3ddb93ff418e573379b506a2a1f435f867b662cda0f87b43

SHA512
6600e12a6b9fe09eee171e0426cc82f7627b9231d7d862bade92fbe226c39ddcdef11ab801bd79c2ad62c7613fb4632636ce481097d630f34cfc3b1bc1baeb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01797f775f7e86966fe2679a8e5acfe3

SHA1
1250d720607434882c338646eeb41eb003245de6

SHA256
673710b3b382ced8c87197149401eff74c17f20aa5ed738ee2f313fdcc25755b

SHA512
86d708c971104b3015f265f4a534c74e9d609abf684230931f0df2eaec63a7cd3f876cedfa16d0e8ed8fc53b549c2636864fe9127baed087a0e16c06be1c72f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73b594de64acd53846fd5b8443f79ae8

SHA1
e58363b34434a70b3c64571640d20403ac442688

SHA256
2fb536676343bc992a611f1806a27c05d8299efe50dd3a1bab42cbce5fe2107f

SHA512
024ea60b4ec65302d7513ce87116d2ae4e6d8a97b1b28680884f813e0e3b882a372eb3b483bdd6e4bb652b953d0cc9b4125405185e273d847810b762d2287251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a78babdc9f4e3cd750e0b344c2ffe079

SHA1
c00aa5baec15250c1f4dcd6548209ebb6b39eebf

SHA256
b02356c434c4813b800b0482f58024cb23a487811e7c800345c16507687b859e

SHA512
9506e4cdc74af8bfde40a9758c1f5b2dded39cd437e14a36c444242159c84ec27fe95c7c375966556366a446f40cd3076769ee6a1a063361122a7da468c90ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f67ffa308138e0592284485a62c5c0b

SHA1
d632beb242c2a488877873710b4ee0c56c017434

SHA256
9a42a8a320d3f70cafe052d2710bec8e212a6d4225b16b37947c5acb08c91d11

SHA512
c598a0326a7e1265cb41e6d35d5cbaad9b5e0e8c9017ee968321add925d8d463eb9b06abfa82b50b8c37d8b32bd9273c5f3fe1b42eb39356c6fa2305588a1846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93923dda184bde470738059a13a71eb5

SHA1
fb8f94af63bdf20fa59e1db8f00a739ed06e37cc

SHA256
0c73b24d90355b098c6f5ed32682c7d1b953eb45a0e91bdcbf2e66c666b66630

SHA512
0eb6373072403927a347d051838dd0bea9c9fc14ca8ea747a189477e1e293511dfba221b9329bdf045b353ebf1f0086eb7a46de2374283df4c752fed25a966b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
59522fab1c749c468be2259e667d9b3c

SHA1
a6337586c5a0c90c03a7feb8b1355ebcc4b09d4f

SHA256
350292aa0fb3efdde5cd597b1cdf9556e6da7706d58305f1ea79cc530571ab27

SHA512
67eeee63657c1d6155bff43c4a805f1410e4840590a3d27f18107414cf9e2a5aa39bb06a2529ad50a9cea5da926a24ecc83d736539750197617975202f93e07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
101ec8ed56024dda584f20db125db7fe

SHA1
90ffb40327276fd6d1d0563e5bc7e41fa091c684

SHA256
eb76b14949bbd4cee633bee248c36565f404e149b2a1566edf259eeee51f8c89

SHA512
8f145c03b51b9d28aebba8118b671c171db1e76d0feafb77351afd6f1915b71c75a3ebff60331f7bcb7256f025e432a43f73c34c6de63d8663fcb74c0be4f823

Download Submit