hxxps://drive[.]google[.]com/file/d/1zJuPgbw22nmGohlIFoRdk8NtWcNS1L3d/view?usp=drive_link

Resubmissions

03-08-2024 13:25

240803-qpbdwsyhkb 6

03-08-2024 13:22

240803-qmnansthmn 6

03-08-2024 13:19

240803-qkssdayglb 6

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zJuPgbw22nmGohlIFoRdk8NtWcNS1L3d/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com
7	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671648061896600"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
2572	msedge.exe
2572	msedge.exe
2544	identity_helper.exe
2544	identity_helper.exe
2660	chrome.exe
2660	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 320	2572	msedge.exe	82
PID 2572 wrote to memory of 320	2572	msedge.exe	82
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 2916	2572	msedge.exe	83
PID 2572 wrote to memory of 4656	2572	msedge.exe	84
PID 2572 wrote to memory of 4656	2572	msedge.exe	84
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85
PID 2572 wrote to memory of 5104	2572	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zJuPgbw22nmGohlIFoRdk8NtWcNS1L3d/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8adb46f8,0x7ffd8adb4708,0x7ffd8adb4718
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17623846011258415775,11247056853909263890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd85a6cc40,0x7ffd85a6cc4c,0x7ffd85a6cc58
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5132,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3488,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4864,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3708,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5100,i,10071132306913649036,2297912226631853913,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4296

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
dff88560d7f13c023193dc8098b9112f

SHA1
4c019bbd3278f259255a22472fa2b49b0128aea3

SHA256
443ad1392a690121451cd7cdd7ee5733d059786738f94fb9c3f05b0c1d922cea

SHA512
7cd93f44934df76e3eb2c760a3486a059cac8c31e27779ba6ccc9f763c5aa5533f8aa96d1ba50ec74afc55dcb99a7aeacc7f8723f553be8e510a6347d5e9b430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
daf765c06a498fb64781cca6d8b4daec

SHA1
1af2e8ac8624c90ef1263394ea472fd54dfbf6ef

SHA256
6453cb2da97e2a9d6e8706accfb16d8b55f0bdea9cb85dc89aeb1ad54dc47300

SHA512
c9691a4c8db244e907bde6698d7281163edcd678f630098d55e216434b6981fb3cb4978e8885df57519677280b312510b09e1d08a8e331799ae8967a5f797b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
95fb2ffa41ed4fa66ba58c45f4518dbf

SHA1
c2dc3c39f84d6e534f9a04afd58e473daccfc166

SHA256
50d9b69e11a05eda948efd59c47f57497eefb42af3e41a10f62cf831c1a04a27

SHA512
1a0fe342a01b04e532fc7b0c83bd10ec14de8623a85999448f246fdb372b6a906b755a439a3dbc143ff7854e2a9c32c028070209bfa0b1a963e69d01228718ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
f724c2a2199d318253c5dabce54d8a73

SHA1
a2c42736e025334a340de837828c8bedf2ab7d85

SHA256
8634119b31d5cae9af6eccc0bfb476fdc9c968e37b5762af976028d8c00e3ae6

SHA512
81f2962010eb4527780a8a4edf48c0826b40cc85fb5170b6e3cc20bf631037cc84fa481778641e44f5a3bd8dcce8987d8209fe88d7e534a9a395b802ef303b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19f27b991010d5a4cc5ca3561d9ee30d

SHA1
2fdbbbd62bcd32b2dcca6b99168058e07800d592

SHA256
945aee9cea254f2288f6d1f2a4e412e3a10d4a93f6c9de7580553c98974b7df4

SHA512
e7986c26f127e3e62d46f2bf12d2c16a2d73a769baf601f90a6578826e8f8a8323ceff075f5439fc7261ddaf0132d68a87b015ea081b695ca740f72db13b2ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bf6dc04860d67ee39ec79f2844e6dd54

SHA1
d94581f867c710354f5c3c0494370addf61e4eaa

SHA256
533463bcf5f651589e300d7e583a0b5437716f7ce35811cf3dfee6c307cca334

SHA512
1d27f4026a86376a77e61a3fb21a2b225f3339e75104e5dc50b6e9b89a55467b3c7e195fbe2adb01c637d65978392e6a1e627ae5b2c640a887cbb329c245b664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9e389b3b944e6f71ec3b1d00e6708998

SHA1
682f1c14ee374e7a01e451e1db10df8bf6b35e3c

SHA256
7ef18f655c77e37f6a7f8619a44483035e6c661811b7874bae9db1b4d2c07676

SHA512
180e48541c05f4505de48f5cfbb5f6f107ab78cb3f0b225700b3644027021dea6cad7860c81073c4bb74d8a9f01d382084f583cfd0871199f66b753259280ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7f73ad006023674d592895c5f58f6716

SHA1
833d5d5089700ff2dd22e01bba58daf8ae06159f

SHA256
fb4534a565ea4eda14b4f2f02499bb0ecc4a0ba33545ea48df0ccce01f39a926

SHA512
09c04cfe5c898a7e20e71d2b807dc2c1c615811d9a4ec847b26fc262ac2597a584bf7372ea1689ad33e78f14eed109a9000ca3bee298ad2a507aa0cbe94efcf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
59aa16931efca283035eedac7a797571

SHA1
c9b689e62f1e2fc8e41af8b19d8b33b979e6a385

SHA256
66ab0135c182dad06324a1e61ac8613586a60798b80d37f8ec9c3d15a4a46c28

SHA512
91a114dc83b8ff0a330067507a97016d9dc73aba89147c038d1988747c9a2e733cf55fdb3000d584279c67e06c72320161859f6b37f5fc4f1ddc36b9e0b6e600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1eeb5a2221a329ff2e1e7bc4e8a865d

SHA1
dc30a7639a5d5c2840c8d5e7f6c4c6c93613061b

SHA256
a6668c178c02f1d1af904fb2322f591b37bdb589d7f47d7037bb62693fbe48be

SHA512
3d759b0e05673d4f1004a74dfbe2a3d1c945eedb435522a5c6ad4ba047ea9e998fd35fef3c7648233db1573054dabcebaef66835f7627042745334d4e2d88c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b378e989c9468984ae515036d185448b

SHA1
00fd9735721a999fdfe0cf1eef52f563cc42f493

SHA256
fd3e6a1c6adc7131b717f4c15771d2b14f9d36e191727ca17544c0f533f5026c

SHA512
6433d64a15dc96fa87075c40c0d9792653ddf858d2aee7667922cc7dfb55bb68a8049d97111d0a9cf53f093318a07cbc4b9f3ee0c70f9eb0c8088635f02dd952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7d4c2bae50e2ad53a06d5b7c38f00d8

SHA1
86875cb41008fdd4b07efbf7eeceaaa9de9257df

SHA256
f46126a21fae7442190be65900a342b0bed77f3c97c28e9eeef7f1d5ddc61fc3

SHA512
a28ab53ae44710f34e65c74de974b07c081868fed83a698cc0d4fce35e6e48ad0dc67be970486dd86b44116fd07fc988ca4f40892cfeb6cb7ed4ec598ef5648d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c4fef642fd11b84269d1c8680757a681

SHA1
7d2c7c84844bb0bcdb9fbfabc2c6a2f866821417

SHA256
11a7b3571f2675c8b81d2d788b76d1941ce140b2891b8a5c9f4e1e0c64eda7de

SHA512
bd4980dd2662a91adc941063a150e5dd948f5c38b8016830bf5234eb14dd7b2e35dfb1ca0ff6e9b617bcda7395b792cf5be5af26d0b5d4072c7ac2c6d2c8c8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
89c48e1a6540af790959ff6dcfa74292

SHA1
47f746a97291fff02b6c8ebe5bfe955f5628525e

SHA256
170bb60dca9ed14a04b772b76db391ec4e3b76fe09317afc7c45a5d98d5c6ba0

SHA512
c1942c2b7d4d37e1e2f191f5ab11c366d5d739c872ba4ce489be98f4a585ebf4d997025c08e7abac60db2f40107a35ea6a6d69feef57530d5690203572e1ad6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
eb58152639ef632b962ea2fb3aed436a

SHA1
a1d4f69f1c812449a4db9b542e7b6dc9fd8aad2b

SHA256
c7cad8eff23e701b5f34cfacba6970cdd61f51726f612219f80ef230fc6872b8

SHA512
49a89b796d35f333e82f6b20bc051f6d2688be61ac2df2c3ccb2a92ae4011fd4093f669053b01e686abecc1b3ea7a524e84f9dfd6675baec687e6483176f08e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
5c4be8eae8ec9e04cb30068211be2045

SHA1
3a8f3dbcf65761a4e9c9d32ee71a56b0014f3fce

SHA256
e705c412605d2699d7296a163a536850163b78e6080db7bd764fc0206a015c94

SHA512
f04fb3ed852a4fdc5a8dcab636c6f4209fb19b5b10a30eabbe9ac8ca21086b468ebd60a8c9753d203f6841df051d89435d2552c4a13f27f111a6d768e082cdab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e96f447e2961b2376ace45f9104bfcea

SHA1
43e51686b3841abfcf86a20f883b2d6aa2173d02

SHA256
5d7ba23d991e146d77d3752e246bcc770c966e8fb1036d59e5b860bcdb462e4f

SHA512
553c5efe6644dabe020e87ebb2d9ca4b5aa3c18ab06ff75d55f88900118d97518b4c9503dd50b3eac930f29914585c7710c7e795c6cc3f88050f6d11b41b80c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
04ea6a4128b915d65552ac4c111f08ea

SHA1
2b935fdf2c9c30bc5aeb592152cc5ec5afc0b6bb

SHA256
0042c53f34f834f995fcc888264ecb28e1637d3ed795456c712d6aac8ce6704a

SHA512
fb9324407c4062b7622f2810e44fa6a7ac6eb59f1e23c4dc17baeb2b99d68b4cde9a9f917a9af7f784130748ff3466b9974c3d6ef1d17471549c710cdb22caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
45a18eef1c04a73b92d083f1aa826f6a

SHA1
7c224a834fe062301db3db8039e54b01318039b4

SHA256
9b7b1ee50318b24cb9705d7e71192fe7791389c10dbd63c20574be959bf8d181

SHA512
d7dc669a9650f5400eda85839fd0c2391b2d4c12f7f0def23634f811b5bea12b4bf4283276938edba0b53de1f423711ed1e5b258198f6a6dc641bd95f98fb918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c445ef8aadec59e7962ef281e744768

SHA1
94f4f10378c52d2127be6768f451a3e5e6102aa2

SHA256
2b8899280f0d3c4f4492cb05ae8f6a31afa1783956b7afb32b29c327e8aba6d1

SHA512
01b29390198b1fbcd9d0ecc12a4c6e23d07cbdb3d6a73ed46560add7d5af3b6ee3a61620580520216a2ee7cff5344ff8487e6a07ad76eb2cd90637fd48c51f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a1db2e29a54f9fcf8a6bb3afb249800

SHA1
facace17ed9d6102a303cfc6fb283cfc5968d045

SHA256
ef332a0b5c572faa47a88164cb9de7d684a5fd6f9623c93fea09b4d64d999ea5

SHA512
6c9db6f368d96f659d39bbb3573ad6aea5b5157746a17840fb093605e87664084d715ac1eacd206af550917aae085a3a3233fc8e4b1f054d74d4d57b1c78d910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08d816a0dcfd927911211e05fc9d7c1d

SHA1
ee49790848ec6adc21e89d9dbc8bdb0e15d8bb88

SHA256
a613889751489ff7e17ffebc586e75350370046251a8de53277309ae5cc9973c

SHA512
b3a3e0d235008bab78e511d7f9a06368c82d480c0cad2e833f579cb71e506595d74773c995883d058e9cecf682a583309feb731204e4b8f058e0e4e528068630

Download Submit