hxxps://drive[.]google[.]com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?8wEm0GdmdG

Analysis

max time kernel
127s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?8wEm0GdmdG

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
3	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677770863567606"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4380	4032	chrome.exe	71
PID 4032 wrote to memory of 4380	4032	chrome.exe	71
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 3100	4032	chrome.exe	73
PID 4032 wrote to memory of 4180	4032	chrome.exe	74
PID 4032 wrote to memory of 4180	4032	chrome.exe	74
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75
PID 4032 wrote to memory of 2060	4032	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?8wEm0GdmdG
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8729f9758,0x7ff8729f9768,0x7ff8729f9778
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4576 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5332 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5284 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5688 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5668 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5216 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5384 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6280 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5984 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6048 --field-trial-handle=1788,i,10042159202647164472,7775149955544582514,131072 /prefetch:1
  2⤵
  PID:2460

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ec7df532a3ddc16ca220933b8499435c

SHA1
0f5ec24ab62366bbf805b271677ca1ab474d32ec

SHA256
15065d783c8e08fac8d9b12e294553101eb7c66a84fe9b484829f96fab1737fc

SHA512
4d33ec2591c19c0805b2cad3c83145b11b3ed398b97d503d40912534a1145ac7d7fb48eefcd209f5acddf8c408c1f0eac9504509e94299f165881eee897f92c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
18e866eebef0a6959156470d66ae7b8c

SHA1
b97c51f4ed6fc8b0b79e2ecd7f3db49bb39bc162

SHA256
cad76094835bbc9dc025fe28aa92be3a3b97eedf11d769bae6fd41226d974b18

SHA512
0442731287aca3cd384acac652c8efe0dbd09c7119285051a1ee7e140667cabc3ebf7b08660e2e5f96fbe030c9f7d2e5a60667866a07895b1a3cb43a1204665f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9e855e90f5fed2437d3f203f4dce7133

SHA1
58d6d2533cd93dd2daa9261137f0d79902cba43f

SHA256
0899d72139685808e4f82fa9cf478d159fc0c524b45679e69bae8b08f148de4f

SHA512
56ee228b28992d474a51be4e1bfc435538f800073fb40c9290e854760ffb5a0a7cd7a0584a63e99df0778f9237a75a30a84a42d88224b96cc9baac0c7498f17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
d063cb788ab5fdb8a54659a39ebb770e

SHA1
a35b9c7aad056b9596173b5ac29af19b0bdd745b

SHA256
936a37f4f8d1d0b889e27250751d549c5bbdaae7a842c4c17f2561121fa93c90

SHA512
f81ee443da2205ab3604c4a4a2ce8ac24f571c5de86a469be27fbe0b00bdadeb3a504e55d4b1d48e087b8bf496da8c17ab96ae7f7c0fa7eeeadb8283fabe97c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4cb4ecdee79156e7546166b586867201

SHA1
79659d2cd687d6cb9c40c03f0ac3aecc90db29e4

SHA256
0dc9430f7d48b5c9e0285d55c6591f7c32dcd4b33272d9e95482df9891fa0799

SHA512
c5f57fd647efaa18bb32fa1b303da08287e7717239765e0ee20597fd73a2eb2d5cd3d81318ad7540e8bbc71178eb29f23112bc9c648cf4a887172d473b77d2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d9c0f5b687cfb0dfce0a9faf14591e36

SHA1
197c30520c2e1109782ef6ab24851ec25b14f411

SHA256
0885a28e2e1c4dbbe018c3d7dc6a8d6aa75770525ba2ba11f521512bf54e4163

SHA512
94672a5b5dbc953e55cea791daab2dba92abcd58010c86926092e81be6540993b27e72be015fcfd5e5420b57df17a7ba432952d08f43f100f15e5f0f43ca8618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13acc6250b78c66da840d4ef2fa3e222

SHA1
3e611cd68ed2f0f9474f0d62a03f75e7787f9c5f

SHA256
636ce5646732230c63e778d0c92085cae2094cbddc4275827d6959cc13df4f44

SHA512
3e770769fd967d459841320786504d7b674e4005470f0a28dd02ebbcb45100960457fda20c65d4445ed850a799c05c6cb6c94927cb0e6882e793ce51bbb13e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dc6f6bf268f05797e7fb620dd635aa15

SHA1
f05338edc6811b018cee98219c1652b504acd1bb

SHA256
1adb47f478685db8b60d488138702c4e4bd3fd6886763083f8821ade21964a16

SHA512
a01fb75a8de368090432be7d66a20b5500ca65793c64287706e731c0ce9eb3ffa7c20fda87465f9000977f1853707ee175d4c36de8069bee22c6ba9f07dd3370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9f40a4324593626f884dc01704fcaf86

SHA1
f3b4d2c09a0b117336051c8ead2ec9e7cfe0a10c

SHA256
06cfc601b637afbbf1d6c79d030ca5fe5eb6839aaaac8cad8cdb5557f4292b80

SHA512
c09918d6ea9684692873903edd2259e813efd352e9770492d6b1bd0e7b2f83f8ab4dd306934a29c5426bb5b8de81e1cd8e39e25a703c8c5fed3f8eef161f5175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35f817771eb494a26d2e6432a56a3fba

SHA1
aba45b9f8f169cabb566e154719e5e9cdd0d6cee

SHA256
b1259b0a837781aecc5e2b8620767574d02450b9e2ed20d3efe4ea890efa7a21

SHA512
e006cb051a27bfab8e34c26e97e6039110ede143e7f54c7a4befddbf0a0da232766884626be214164af42ce92a85ed4136b6d928d3becc759dc632109261c3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
85516054de42c78c148d938afbc5db04

SHA1
0ed85ace351e8c8128092c98c97f42c3d8c09440

SHA256
507ef03b133625bad03874fa071b5ce6bea4ed2eddf8d846a5d5a60163addfa5

SHA512
7242448d2ac38e608c2b7d6855547610ea04ec79cf601a56f2c3b8598ee2b5f38583e5d36e869854b4840355a7019827c529f96a8a9cfae3ded84ab36651b4eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d3d22d6250423f75769e4ae5eecbcf79

SHA1
6f946722c72de238d389a051198ad87dfd06784b

SHA256
20a653614fddfa45d7720b7426adbbac84a76775f04ad4387031171399d3ddfc

SHA512
c51162d8fc7c6071acc9683a643a315c41aa8dc854ae7523486cad03e16d6c24ae7960f8ffc5d2dcef4d78d9b66677566a441a0bf682a0d12c1fcaa93be3fb4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cdfc2616d341e92a1e4f006ffa068881

SHA1
28e63a4604f19acc18bbac3608f5d52e25c7db86

SHA256
ccb635d213e8efcb2468a1563cdf1290266859d2f1cd7d5c5345d06b2fdf791e

SHA512
3e4e192c0b99de39657ac6d59d82aa623405555c8221be0dbe4b4a1d717911b6dc64ca87e6f0301338580623928f9e55ff7b2979ce6f1896140c8bd42bdbfd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0eb7e036a3cafe8f3cbe8ae8ca8b8494

SHA1
b14e742f575bdb15c8f7e1571e13716285f156a5

SHA256
d8a667d8d56213a50a76d2f32c5f66220f07e2cac2eb21ff357df2824635bbd9

SHA512
567a34317ae7618f5800c9416c4d1565d77a829bca6f810ffb1a22019a80698486bcf2863743746f47bffc499cc81abf29d9f8b571a6f5f27aba35efd087b1d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fa81ed69cb112266480bf2c0c359cee8

SHA1
824eeea5b26cf86d6c5c4531c6a5f582a1783db1

SHA256
bc361a41f47b207111ee49ccd01f4aaf2ede13ba059875bd6581722e04a66cc1

SHA512
b71d050dfb945b07ad88b2fd082c02938f78c29e8558e99a1632329918cd45d5fb6cf17ac87dc8c096781e260cb97f752649e85d5d4cdc8a00e56c9e7ff4bfd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c399.TMP

Filesize
48B

MD5
c8c26286ee779ecaf4bb9087a05f2a81

SHA1
51c38a25fa5befc082b07fa85fb954a73cf89f54

SHA256
c5f03df9006e2a568929176984f0294131b702bd0893a86e531047ef71e9552b

SHA512
fdfce230703a6a06cc1f332fb1e036a1b77a5d2d1fd8344d5428726dd199db6790f3b18d3d54346e75d6c0c263284fd2a75bff04e966f0b571bcfe6bd3b63833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
d4443d37fc3410911191dd69d0800099

SHA1
e512e48eb0b7aac610a50952855289b2daa4e382

SHA256
50c12ccfb071cef8b9fc300aae2ff76e311a4c702980926576624cc1297f1251

SHA512
c7d6bbc87beb3e87bf25d4d5e88da1742259f8e990ded65fb1608089dcffca3f4d74263adda9481c261ecdbdde40001f0520ab4b6df21b3a51913bce30db0d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
1ef4396f0b950c4529ed34a27a42b9db

SHA1
c26a3a2b2e0bfb761aad727539845cf62c246a85

SHA256
faa1910f9c807e77325c3e92d07bbe0ec5fc9321d2373146e85e842ff9c7df58

SHA512
5812e48bf367590f1e61cc6fc7bd7935712498365d1621f612ce8b595c7b2c5606431831846f46c0025bd46a5e3fb8e82cb7c321e6b35f3b7626c26dee44f3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
84e8b8627d01cd96e48ce02bdee56177

SHA1
64bd35507fc5acd76a22280ea7f71b4ad3881f5e

SHA256
083e756980b9523cf908bd17c66848a0294f5c584b3fae13c81d39e55bcc0460

SHA512
38f2245c4ecf8d1c4b2d18602805f6c0321f06af5a99057ad92dfb5e714a338290512ec04bf953fb7c099456bc5ad7bdfec86ffe36a8426d29eac22e62f063dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
b7933d67e651607d05af646d33b73f78

SHA1
aaff23af457fed2b8f196ed1bebf16c26ef38b22

SHA256
8fab8e5b22e6ab7f2dd29c0f05ba0933d148f74866003255ad4bcc853eec9d00

SHA512
21789f02658b0c54d59d94efd6fdfbc518ebb2cbebf1acb9dbc02e91d63e6fd872a52ec6186ffa4e3c04cbf0e7d4e7986facdf27b0266778db91422e95ffa8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
3ad863cbfddbf596e7ca461440a7caed

SHA1
3ab448567acd49bf98483fbfbdf4aa0fb7486043

SHA256
ecf0e2df9e39aeaa8a9bf84a4495957650ba99d131ff116e91e45f5da8206988

SHA512
69b86d662713b163ae45b7d880af66080f1ff9c011e17c83a4a848f994f25ebc90f957f0e517ff3af14adac287e2a74c6d8adefc60ad59c764e6f8502343f000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
97aed1443e238f580652c7cb63185c32

SHA1
60b94619127d5e222a48ee1809aa02f40adc4336

SHA256
af0088a1ce29f65d39aa8c33c73a86896eda80e54be402cbd49716edb291dccf

SHA512
b7c654972edb555e25ec113ce0fe7711bba2187637f4ddfdee805ec273689f3084a6c3a65d32c90aebed610f0ac8d681df81614bc1b4ea44bc20e61b7135790c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5877cb.TMP

Filesize
93KB

MD5
ef4e9437ff9e3a14638d780fa984ce1d

SHA1
73258b6a577a5f469ca4cfdf544b3380e98cfd79

SHA256
7ffd14a9e0c698877f9bd63ab3bc0b5882f67d07de4788578c75ea241af97c66

SHA512
f32898f89421005a8d92fb68e2ccd347c7e08c019241f33932e59604212e7ce5371897eadd7a35337bce2d2d48a5668d8bb9a9b14087cc87bbd4780104cf525f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b506a4c1-2a84-4191-8897-29ea415066c8.tmp

Filesize
261KB

MD5
0d67a501950f70b41aa91b1ecde5be62

SHA1
04d98dae7abc4bd7ceb52658a988d8359314e43b

SHA256
b2d4a52ee6cb8124d99fec36bb847d29c9ea27e63a356777c61aa8f7a0a05b72

SHA512
cc28daaa78692f3a3d237c0d0501c38a3735ef86289a18aa7130b558a1da3ce8d454aee0c6f2a860c39786e2493a63a78de90df04350eaee1f3d8c7657cc3aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit