hxxps://drive[.]google[.]com/uc?id=1dHa9psA3cgi1T8UkOWv73HTnxh5_mnBx&authuser=0&export=download&mibextid=ncKXMA

Analysis

max time kernel
449s
max time network
442s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-06-2023 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1dHa9psA3cgi1T8UkOWv73HTnxh5_mnBx&authuser=0&export=download&mibextid=ncKXMA

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133301029694424502"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

powershell.exechrome.exechrome.exe

pid process

2476 powershell.exe
2476 powershell.exe
2476 powershell.exe
4652 chrome.exe
4652 chrome.exe
500 chrome.exe
500 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

4652 chrome.exe
4652 chrome.exe
4652 chrome.exe
4652 chrome.exe
4652 chrome.exe
4652 chrome.exe
4652 chrome.exe
4652 chrome.exe
4652 chrome.exe

pid	process
2476	powershell.exe
2476	powershell.exe
2476	powershell.exe
4652	chrome.exe
4652	chrome.exe
500	chrome.exe
500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2476	powershell.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4652 wrote to memory of 3924	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3924	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4792	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4788	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 4788	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe
PID 4652 wrote to memory of 3476	4652	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://drive.google.com/uc?id=1dHa9psA3cgi1T8UkOWv73HTnxh5_mnBx&authuser=0&export=download&mibextid=ncKXMA
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa03d49758,0x7ffa03d49768,0x7ffa03d49778
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:2
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1776 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3168 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3032 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:3208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5264 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5240 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5608 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:1
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1784,i,9626137820083135678,15384969006878836517,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4312

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
4794d1e99fc7a35e190c8ae263c7eff4

SHA1
4fd15078b6c5381d408c69e20fc3f926bfbf189d

SHA256
b4f0de83915423868b19d3addd800a16c1de932def6e4e9d80a118a1333f9869

SHA512
39c1004066b37cdea0cfb7d969daf5176cf7b988826b870d14602e8f2055d068556ad8096491483e548c863ad174738fd95cbfb5cfa034c6041d1e225d6dccfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
9086d2523c44ca1158c54997f81ec8e7

SHA1
6d0194763b53feebbbfbfc23f75b5ace2ce13cc4

SHA256
818c2f071746124f331b157c9aba587c952c71e8a258d4f8825b65f229d7754d

SHA512
3e65a526fb7d389d7b6cb6da0d9e8ab503b20ff4df877745af6096bffdf13e588f4dbc52dd63102dc79f4584e55585efda7bc6ce358a29da8fed5a10d7115e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
0e55762991a8494d891bc8ea51849407

SHA1
eaeb68146468c5634c099877592f97445ecae1f9

SHA256
fadc91e26696711be8160b129c873cf57c69269c6136e3f7edba3b07ba7639e4

SHA512
22b6ff5d4401fc7dbe02ebe354a42ab4019d5d599a2ce552f9c2992ee9de31266daa82d14e63b014d12248ae13451b4a31cd2d85ac1c50a73703f61ff0780ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
b669e72a0c65ad1ceb6d2ea5edb943b5

SHA1
c72db8968f7b5af90cc8c4d2566d9bdd58bd4304

SHA256
d1d2af1e737aed4a35421a582e9f016ecac631d75612d9a955c18006a11df4af

SHA512
da23007d2572b9b34581526f6cc7e65567332e8ac205a10e826d1ef81caa82a8a5c4dee9997a15613466ed13a0c70a444d73e19cc83ed0734b368687c9a7d702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1014B

MD5
3051d9ca253100f4b7d5b4f2f2c0b750

SHA1
478e84d46390cbce144254ef1d6641a9931d8494

SHA256
a1512e8e96f76498181d0f6d9b283462c87ca98e7a7ba395ed8a59ef345904f2

SHA512
83e59922f10635701ec1fb3e7760ef4bce93c6b4bb0bb76daac575ff363396af7c1e49ddddf921d2c817fcd31a5aac9c13d6ddd409b7a9414c73f6b3e0d9003d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
79ed0b940a742e4c5fb84833b568df05

SHA1
87f363c62efa103b1798ff0b10b52623b970cb48

SHA256
38bd70e643b9dbcc0b758dec9d6e12611ed4a7f460552bc8de0c3364bceb67ae

SHA512
82a5c47cac508f4f40d739780484cab9f9e0c47f4e2814b0e1950bc09d0e312c1bc52ffe5fc4bfe5b66064db0d15aa7c99006ae59acb13a0d994d94b695ccedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
9e9dfbb21daa00bada2828cfa4484437

SHA1
5c1668e954d86c0f00c40948fae140b28e62f607

SHA256
334a24a6369798eea365ab705f6d33c8b8d43df72829dd708383ee2edaa54a8b

SHA512
bde10659d1176240d36df56efb9a2f8bd304d1c8c2b5aaa18fb6c4bea837873169eb0d434da0004d277a30ee4a49c705e4a9005619674706da0b7980aeb786d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
cd3e7027b5d434b93e0018331d91a598

SHA1
d0ca8a0532dea9f1dbef0e194d5b9062fcf8e3d7

SHA256
d3f92af4ce788efdd419707e39d71ac4d22f6ee0fa2ecff136041ead2ed7febf

SHA512
7e846fc12205aba0ba340d86e3eab3249ecd53a3119efbd0ce9c4dc55c667a01e99c71daf4522003268205ba050ea6b4c855d35364f520fc4915c88734bc76fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
622b5c15ffb8c5e384b3950b37d7a73b

SHA1
7e5532347c9b44a2054c7a536d7383c47d45c428

SHA256
9938c5f0938cccfe279968e00e938ce9af837e2928b728f73c6970e2366e3aff

SHA512
86f3d100c01669d35d816204d658d65dc2934b3ce07f8ee262d27c055512676ef0cb3a82c62453437d109101d0463278a1e021979385431f2ac42822485065cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d1365066-fe30-4c81-aa37-a180ae155d16.tmp
Filesize
3KB

MD5
6c53cc7909905e1c0514f4c8ae961513

SHA1
01a0b685cf90894b1b85f2c9d01f154b4a74589c

SHA256
44f56962865ba5faaba94453df6336ef32370eb02006814679d7ffe2d3b74552

SHA512
33528bb4cb04a2a9c8b936bd9ee3cc0394d9571c65a65558c5e7cce94eb2338ff496709a9a596fcb0bd4f1168eefada6b88bb0f53f5e95a11c1d2952a120baee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7e3423a6c6605258f1010bf68a83d1b0

SHA1
5841b3ed5bdf621aa282d93bbc089f88294dcc54

SHA256
69d1cd9fcb90d56ffb7370c98f7fd54ee12f6325b9cfacbdcc3bb07f79d8b040

SHA512
9b07ed2795b77ff8d45422f8eef4db85d4cba3a43e80a97a88a407b2132dcfbdaebe0f60e31c2bbda22381586e10810b90d8f6b84ba33c9020454e25e06ed40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7f4e9bcc30763e211fe9005003f24d44

SHA1
50800681ffbb41325d0306892458f020eaf5022a

SHA256
81d0312031e155630fa3ad79f08229423199fc211adaae89edccea73a9d456e7

SHA512
643bafbd9790100195d076fe180527f0d6cd6b901a852fdc9662403603e98ddf033e7c529ac70548966f9adb8869ea5e453ce5b486d83a532ce07f3b407aa82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
aeec1aa34e0f26a9051d26a3251a10d3

SHA1
1c12400c5ca0606853abf6e3de77f275a5e7b87d

SHA256
bd12c184ba83cac112122adfbf68fe4428f97a63700773114c234b5126ae83f9

SHA512
fcae8ee58e5d7775bd57801c3c76bf944d8ee362b55aa2b3967609e4a3fb82d53e00feefaf5c4de96be33ad2f1ff0aa7ae9eb29c2b6a4fbbbe2fb51d067d3784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b16d0e1e05e94925261ccc33e8b6094d

SHA1
c005feaf23d81a238833793a6cd66e63590840db

SHA256
66c15af0d16a8f61d5362689cad66b7f5c540832bbe859da241f397d1ba15bb4

SHA512
7c3563dd2628e7822b21f53199e332056b60339414d8b9d635bcf82a96d0a281811546e6f4683cac096ef15df796a549b9ac89e5cd9168d7d9d4293446a14391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a9b79ef7741034952a23139212dbc64f

SHA1
e8ece6b5cb8ed9289a3613b401ed08930ae4158c

SHA256
81699fabdcdc656989603bcdb24fbf6cf7cf2dd76eaec834f9cd1172d1767651

SHA512
a4bd26efa9efe83adc73352dd1e5aaa1ce3ac9a36d672d4dae49cb3d1be3422e1ad0f801ef7134ac97166453f9c675d335cd290f6f0c806238ea212b11f817a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a73b5206467db4daef8b3bcc006a1b4f

SHA1
2d8a24521dba7a07f0726940f5da1019d4e9ab05

SHA256
0ff5a08108e362035fce2f0aa0f89616d6a1451429e2b477861b4564085e79bd

SHA512
41a26c76f65819a98e54639bf4a6b4f671a1c6af5c81ee2cc4bcb93360260b8cb22ed6bb69524c13797cc6b4e5fdc55e35679a3370ffc0235181f5c77f1b5a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
091e3bf8e41da6e06785e3001aadf56b

SHA1
ea8db8749b2151c959bbfed640c03800f0f7fad0

SHA256
0183d6859795671d8b0a4095b27b382d9fb7d5b6ee765724809e56e68807d786

SHA512
d5bb08bb4001b8635e364990d20d2fb98351c184644478d6a0a866de0f9f4f124222ad2f41ebbce424f591e76d9a10312674b077732e50e7f158afc4706ad62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
57abed8070178d1ae7bd167c551982e7

SHA1
676821a64f2da19e006247806a6b9e7436bd51e3

SHA256
2b2ba93a72358234c15318d414cf0068a67fa49c43a69d87d5553e6c930f6149

SHA512
40eeb85096fad449031253064c970849608fbb2e19eb213552c382345bf07e785b34ac31dd0905ad844cf5e64f0d5e75666812a59da5e35cb1d02dc8445cd6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
fc63e0259ee076bd5750c5af2cac26df

SHA1
acc0d7c2f6a727d891ac170f5a92cc858183080b

SHA256
3167bf5fec22021c26f864c55f7845a02fd8b21288217876436071f6182340f9

SHA512
932d193dfab6660888079eae2fcc028eafb66165be0e7483cad2709c0a6ceba299712ea3376e26ca59ccbd7f448f925db34757a950753f02aa7d70abcc9bb1b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59babb.TMP
Filesize
93KB

MD5
37d3b6b1bd5215d8c0a2fe00070cc244

SHA1
b335754b06077a58313efd70926b17d44071cabd

SHA256
3d9a840e8249c53290d43028fdd262ab65eccfb25774853833ef005049a5b737

SHA512
66d53e9e8857202216be20e16b85748d624baf2c5568a78199909d55907ec4a525fa3051c9f10eddfdd896566d359d75a36b27ae6cea67b33ee13e67a96dd623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yh3rrxtb.4mo.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\Downloads\VBS 2023 Table Name Card Print 2 per page card stock BW.pdf
Filesize
870KB

MD5
0c74317858aed7d91edd59f135938f21

SHA1
1f2775ef28c4a72be6f0ca3d49d6f8b01b72b5bb

SHA256
9ff6e3b9c92f31323dae6f4e4c3c5988219e1a6dbd46aa7858984129c3fa3ad3

SHA512
f1fc92d47f514fb31f7027eaf010665a3294488926860ff5bff9c5bb134fb85c0459a554f19d58f86b8e8f2c02bb20abb0b520293a93366919d0dbcb37b5dba5

Download Submit
\??\pipe\crashpad_4652_BVDCTRGZYRPGMYUX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2476-125-0x0000010E72740000-0x0000010E72762000-memory.dmp

Filesize
136KB

Download
memory/2476-130-0x0000010E72060000-0x0000010E72070000-memory.dmp

Filesize
64KB

Download
memory/2476-129-0x0000010E72060000-0x0000010E72070000-memory.dmp

Filesize
64KB

Download
memory/2476-128-0x0000010E72870000-0x0000010E728E6000-memory.dmp

Filesize
472KB

Download