hxxps://drive[.]google[.]com/u/0/uc?id=18aAJa7SkqCwzUkpe3707IOYmCDkZmif6&export=download

Analysis

max time kernel
495s
max time network
1721s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24-05-2023 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/u/0/uc?id=18aAJa7SkqCwzUkpe3707IOYmCDkZmif6&export=download

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

1220 chrome.exe
1220 chrome.exe
1220 chrome.exe
1220 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1220 wrote to memory of 1252	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1252	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1252	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1872	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1316	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1316	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1316	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe
PID 1220 wrote to memory of 1580	1220	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://drive.google.com/u/0/uc?id=18aAJa7SkqCwzUkpe3707IOYmCDkZmif6&export=download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778
2⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:2
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3188 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1440 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:2
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3764 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4060 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4184 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4324 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2220 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2264 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2340 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4820 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2184 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2064 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1040 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5596 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4448 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:1
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=548 --field-trial-handle=1256,i,9298634401902708154,239709626831244630,131072 /prefetch:8
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1972

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
65KB

MD5
b073d577d7e4df41dfac73ee1d0270fa

SHA1
6204b9242f8df0124de9ae7b31cbebfc85201fca

SHA256
66fe4c2a21e0f0cc46184a7b679e1562f3a7cda9cd8a16a9a446b9fbfe18000f

SHA512
c397bc9f8f0c3dec9b38d07ca35473fa103c96e58c414fde3352dcb47db262a887443865bdf1ef36e6b8aee461775feb34ac1eb3deed736673cf13c5dc828a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
1b9af88065789b7d0db9d069bb56c2e2

SHA1
cc6d36ed2033ba8d637bd90bea6799417ff8abaf

SHA256
65856cc13fc1011fa5ae13d13683672d34699a8d32979fc2edbb129afa3f6f37

SHA512
f0c5dfe42a0cd44c009f22cd2b29d97ebd6c6ba0c3be9add5259f03fb033dea82552dfd421cd8e223b77cddf5afe013a308c04858c83597b38487f83c95df197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF6ccb6b.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
df78ec3de54b69ae9eeb106ee873a6c7

SHA1
5b2dbddaa35c001a66f0db465c1da1c38819ea1c

SHA256
4fc96db7ea667714dc092d47c1ba3c3613f824970e42f8e2bbf8cd358d8d5789

SHA512
ff3e2fee4ac3b723b686a1948d0ed79f2cf5f0e9d3b3cf36a3c4937051387bc6c7848caded49e442a6b479bf1f7241b9f66524a0cd0a7aaabc3256250acb44ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
abdfbe0754c122ab69168c4d42ff8a52

SHA1
6b614bf30471f47920723d5eeac23236f302ee65

SHA256
f0f2f1e6bc35a74a273e3d732537e74d13079e0cec226e5b9aa36bbdba087d37

SHA512
a4dd8dffbc845498f52820d9fa86b4b55ae55780fde3ba9738fad8f1ddfceeedd2fee9f25956dcc5c4f79eb6e03e39d9aa1529f6846e76e393c12925e4c7475c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
3340d282dd56b034a9796a5a631ae18e

SHA1
380b74ee799c091113f7a501ff9231df013ab9c1

SHA256
f6feaf40851772d1dcc24b29405bfa9d33265e04995db88ba495ac77fd695c16

SHA512
e8fc4153699484b1c3901cc71f8a0b1b14130f0f6d983aa32f475a06c1a9d9b91ef5269df7d648bab9458aee383a2cca5f7af054c7f77235c5eebaa7334aba18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
19d68d95892b59716c9fa311d95ea9e1

SHA1
10c38f7a9c1778ef2d93403a7e17a5eb7580eeba

SHA256
72ffe7e6662b1be40b8cf6479b740e1986d01ccb19d7e032eb9efc27d98ed3d8

SHA512
b24c61399cff697a684c2947273938ad85921739b974d82a28d898133fcf40d15d428216aa56137dd4688aa19593c0ac3dc717aa87282df1fe77180d975d3b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
cb2c683f1fcf7086977cee8e71188906

SHA1
c1db4b0a20e9c9eb56d61856ac8ee6300f045a69

SHA256
5a08a4b1bf5614591651395c93f4c7594b6bc1f944d41268743ad9d850e15ecb

SHA512
94b6c88208ddaa9785d00f5d7a2bd0eeea6d71b58dee40791d8e619f0330927b484aae374ef97cd57be77ad476f4af6febf0f540934bb562193234a6bc2d9b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
5d8a6c07222619ba4061d9cf7a3ee39c

SHA1
63f616c5401ae9bff6bf1faf9b828292b9f328b1

SHA256
03966186f9fc3f06d277d9568cdb7e2380cc37bb13fe4bf5c829a80172a49036

SHA512
8033767b74a3a528e62bb2de07186e585b0fbf82cd605ce85233229b216d7b629101fb032c02594fb86df109575ffeccd9fb4e4108a0dbf794a39c6ed02e510e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
94cdf030d81de0361b0a607c024a0293

SHA1
a8f14c0066384df47575e6a063bcf7c3ef1da2a9

SHA256
fcdaac2ad4ad2874e529731446b1b19cd8f6c0abce838b82ee7f2c37bef66f30

SHA512
4481ef64c3eaec378e817da99ac8aa52f0a27054c37eb5f37b493fa0d0ae60a5077fafdde7ac5ac418d531ca263e2119b1889cb78db59bbf4b2c39cc3b9db074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
5cb274aa6de290d6c9468b3ae13936cc

SHA1
4017e27b4a1e9d8b43dc137aea726046a18e5344

SHA256
28242165dd0c35f91e88cfd081fdabc5123076a4abb92132b056b018d00b864a

SHA512
3038b0389de95894191baba4aadce9ab84478dada03adeb7d9a61fbef11e2ee69a48fb9a23b593d926ed3bd955d8ff261ddf3828efc583992e4d4872b4b54643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
855B

MD5
2a387a0a791644cd58e638aff9a03642

SHA1
48fedc496f42c1d1569835f767db1b8dd1205405

SHA256
98f6a7875ece825d2671ad964294c5e20c77268e6b08dd54dc810eeb6274426e

SHA512
871c7122285c0863a68f6f3d1151180a1b60b3effd2a5ae40c5958cbdc9e93dcd382d87fd85b29731b70513805d310a06ebeb94cee2e82246b085fc650213a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
855B

MD5
b1c66ae676c6f7e95e3733264abdefb8

SHA1
1ece5f09232db180a8e2b5bd07fd8686d6bbd4b4

SHA256
9d2c4847b74e000d4e7ee3230155a5e4f23abacf0b26a7e20c0957bad362ab52

SHA512
18ad075f1e06c58ba680da6c9ca4ca669dd373eece8f66898b92ec437afba40f61b2682f203935718b358b499592bd6e8f373511d2d2c657cee6b3de08d160d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
855B

MD5
63a5f07f09b6a79d42166dc76720508c

SHA1
147d6899c4b78af7da348fb2d84785966bb709bf

SHA256
82e0e1d8b839d81bca29c76a62c78980e6079d83f2c55ee3bfce2c19261a7805

SHA512
f21a4fd93fc51618d880da5c437a6ef4d4c1f2d2436fd10deabbf47fea07c6d70e18eee6d431d62920d95b510324ec37bcbda12374fb6707833f45922bc3f3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
855B

MD5
721aba2f323d47f9699d8f2cd1c4071c

SHA1
845952292902cd7cad43786ae621d8b248890b01

SHA256
a307931256c9607193d798f2a491ce03d326dbd52a6185fdef6a86dec9503767

SHA512
2db4a4234351f39fb7c75dc4dd5bce3216cd44ab03ff27c081ec2da7766f9830998ea05f6e2ff1cd4f1a1120189a0d2936e02e912b47133040ac9d5c9513e344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
02d05c4c6e8357483ec43b380e38b864

SHA1
5047a5bde66e3f8a0ed29eb9290607321f92f00a

SHA256
a1c1b803546cecfb319ef166e6a3bfd55731472962cb04dddc8dc1f25a28f213

SHA512
463b4390fc6f405eef885467758ab17466a65ef838c512f002c82b296f972c0ddd7fefce7a04bd9eba6609f09f3966211301e7b575f3e04ac79560289b5c3c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1018B

MD5
96b8d75af2923de5c94f150dbc869c61

SHA1
c2cdb3dee479ef18cc4e5fbe1bb3123ad261a2f2

SHA256
a92ec0996b65873ff1ee526511de42f095f0beedb5804048cec0191503464fb3

SHA512
c3053e15bd2e7d05d66b582f8f239e57f88226ee429d2938e5744a86f1e43a82be79b3dd2cdb828bc4f92fc452f1024afc00c3b99b17c233501ec831f9405b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
691B

MD5
90ad3b65887c61b31a080bdd284acae2

SHA1
19ad098ff7213cce0164efec747b838ca7748550

SHA256
0a68851c25939195fdfe48e094a8e0afb61dc5226c694a294e22f2730c85a19d

SHA512
503f96985e9f5964d84b973d70533566d0a8f75900340beb68a387f77c2b569993e12b8dfd3c9e45bc4125ced04d5e046182dc542e3db729da50d5691eea895a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d4921b6f-2abd-4521-8ec6-95294218c0d7.tmp
Filesize
5KB

MD5
e3dbbd33666eb89f7919cecb51baea31

SHA1
b6946e8673d7777ee0dd3b87e6af3cbfe041eb31

SHA256
70e38571082ad181d7878bcadf40bfdfa77cf164f87dae367e42be567682409b

SHA512
c4b73639956d789c46fb87dd60b2d730b52d182edfbadef39fd8525e6054aed663e1e0fa7eeda1d6c2d5ffd8f972bfe27d347eaa51894d6932070ac4acdf31b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
3ff0fbf4fae34d134691daaa8d78bb87

SHA1
48a9e80f86038bb71350eadb82523b5f8c7d56b1

SHA256
b463fbc4f983ca96f77aa33fab39bce0285efdb42a84064d0e28ccab2c22e254

SHA512
7482cd7802de92a4cc5df1f427efd9945072b37a5158c752f4996d73a917d1cfde902f49df76cb1c83c016a6dcb07984f3faec4521e4ec11e5a9a8e33b74792d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
bb2726599379bdb7ffe9ed9e2f4de2ff

SHA1
f6d31f562ac238cac539fc2d0cfc50848a67a252

SHA256
069e19bbc8f58c546065733ef03fa2af6977b45f7f6496a651997b5b788bba91

SHA512
e29c13f9197d43b43a39458c25bdbc0a672973d604aa4540fe68a8985a8c91409ff724b92630052536819873b328701a613c23272dea783ab156c233a5b4ec8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c0b3d8ee1b42b00a11c86744fd30d320

SHA1
cdf334de7f472e0b3f5a08ca83ab8adcb5dbc863

SHA256
468d8a467a3e043b4706f7397332b892182412efe4e740c34f03747c8e04ad44

SHA512
006ab8f584e13e839c460c51f1e881c9ae1615566ce32ebb2ea7f5be0d3ef5f1be1df1e31440c89d6d7c220b6727d42f68abd32aa9f1dc74e6fec3bb7c964974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
a4dd6deab023fba1c754fd3bd52f18a1

SHA1
24a8fc7bf0ed870a2a9ad5dbdb2f730b68b56a42

SHA256
b8059085cfb0dc09f62293430f9b70028d8f637cef594c2f388d433a7831caf5

SHA512
eba783f75cb421d2feffe79718914ff1e43dd48889e1c4a7d60d1e97a009e45dd9f869e5755fbd8f09f2b69b4bfdddc38cd6b153285dc3b3c3d1981b724ed94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a24eb7b8-86b6-4188-9468-7016a7680c6d.tmp
Filesize
5KB

MD5
e7d9443a5862729d53e7e834233d8d2e

SHA1
4aefe6c606e466e85c0f19f892791f4238a9ce47

SHA256
59508f090d37e120a9efcc598330f3a0351c31c928ea001269116e1d0eb08e0f

SHA512
20742e785426d9f4cef1f3f8f9b07e255e2735c81f03309c321b71ab328c2f8035109ad3dd1d6540c9b77b0b74e8312187df8d7818bcad0582b1c7238075d72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
bb059f49d818461b269cb5ea22598bcc

SHA1
b2190348841cea214c4f890337124a7a650e8d84

SHA256
cb8fcf7a96672abf2db2ee1f3e66e5e28fe98dc261efe63ff4b38c9331e312bc

SHA512
39235bebc6c528394d908483cea8e6ea620dedbc517a97e3c37abd155adad3ba27e620cd55a888c65cb59abc5df942ccc2875006b1f3941fb567cff55ffa4746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
21bfa1ee9053c41861869991588f5673

SHA1
f29a771193461867c7a13b8345105f50f1c25694

SHA256
ac3e712b0d7c3af7e0a109f94521e4a34e1e17e04d649d3bb552158232c40354

SHA512
a1632284fdb059587354caa10bdf1a68bf79a6a6fda7b7a3c57f65547f75f578d0d639a85f443a369a6c77c0382c0d34fea38f0bbfeee74d83be19bebfcf7304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
f3f2e5b27222d2aa071d65b9fe9c6b84

SHA1
da2b467010bb3847644b0a5bf9b4053ff4c80595

SHA256
9d76b1d229a4ef83e417d225f573846cfd33352ea6b3d578e2fea9e48422cad3

SHA512
f1b42eaaa656361fa51dde112a263cf6634941b0538d1d6d13ba25b441f8fc3e81f49c46e7abb6501e366246883e3952a86943ccdbe361c4f9d684d3619b0e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
939e1405a472ca9384eacf0683edfa39

SHA1
de022b7f0a3013f4964e607f3386b6b39b8d5c14

SHA256
0c2f8c4c7f5e8bea1d4a3f37f1fd31a61839128c7223c870d1073c5bc391732d

SHA512
88a8e4ea53c0b6b735eefa76be87676b8156f8003c300a036d4973491c920cf519eafce3b6093563cae915aef347661ff1f99350bec4cdc6815f2213f0c7c546

Download Submit
\??\pipe\crashpad_1220_ZKHJOHFODMTMOHAW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit