hxxps://drive[.]google[.]com/file/d/1UfVK6seO5inrUnQZfi6GT-WU4M5evJn2/view

Analysis

max time kernel
58s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UfVK6seO5inrUnQZfi6GT-WU4M5evJn2/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com
10	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679416483791492"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 4956	4928	chrome.exe	91
PID 4928 wrote to memory of 4956	4928	chrome.exe	91
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 220	4928	chrome.exe	92
PID 4928 wrote to memory of 4556	4928	chrome.exe	93
PID 4928 wrote to memory of 4556	4928	chrome.exe	93
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94
PID 4928 wrote to memory of 4804	4928	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1UfVK6seO5inrUnQZfi6GT-WU4M5evJn2/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbfe69cc40,0x7ffbfe69cc4c,0x7ffbfe69cc58
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1680,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4024,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4996,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4672,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4636,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4520,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5364,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5484,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5612,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5628,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5784,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5804,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6188,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6240,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3796,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5244,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5152,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6040,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5692,i,1329728257771167511,10943994546181350380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3960,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
1⤵
PID:5116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9925a9cfbe66969e0f68adf22e4ee68f

SHA1
f49b7804ac2ba330b1a127e04de6fe7c41e6fce4

SHA256
f531e8dd7a8deeef09bbc5a995f4981a889933268dd1d222888dbcfb372c84ad

SHA512
cce93d6d93d7c74ff4b99d5848152a404941a9e57d27a0d429f84ca35b29893474f87494af89b00ae7d3cde02273e61f18114c069e2c56e7783894b591a7e034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
72950b2ff0e599412b509519d72df403

SHA1
daad0ed4902a82f7c12f92d91797b31cd67a4327

SHA256
41ca7313ec0efa5558a0c20f64e4ea8612426b65e7eaf1fea632d3d24e9e9a42

SHA512
4ac5ba21ae28591d2cc568f4c1361c5363891f1ad126f0ae5fd00c2d8f66464d0bf5571e7008c7f4aabe4f5d5359d6f2992a19ad89054bb295e73542c19d12e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f9d7ad7f22992494d93e28ec9b652b37

SHA1
f31b0cd27a5f53f32dcfe71b01dcad03feeea2f0

SHA256
4fa54dfaa5ec92b1905cd3736fb0a4c4ba9fc418e76eb83092db3efbf266176e

SHA512
f212d7ca5289b0ec9736478ab5a23aefadcd90f51ae2e2e9c1ff8389d421946674abf9ac8c08bafdd49fd3ef0f2a283205587b62bc0189508db5db3078787f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0c20a81de5e01e6a26fd595c83faee61

SHA1
8e56869aee40bfcaba272c2e3f760c5b00efba88

SHA256
f7f2c3f91eda2faec1138a7ddab1985a034c663eea866c80f612ed1be41180e5

SHA512
f17a7681bbffb878e1448be3921cdb1b0e7fa7ca1965d844f874d4288712eec8b3da7e28af49688a059cef9421a27b8bdbfd0a3f5a6c9623a29772f3b7fceb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
460cd7993b80ddb66dfdc106397b7263

SHA1
99b9978a93d5a4102d0d6d1be43d8d0d35bc01f7

SHA256
b37d547be738e5a5476758508d339202d09dfa9c4c50d61c0b06f2583d903ef0

SHA512
1762d2081eac2aee6c63ed2d26cc8cd3b31ac697697879dab1f28dfe4d2ac782f459b90b8f3489a2bbbc2dca999a457a9bfeb68ade0380055ebf9c263f1f6794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
45256a559785f60a54cfeaa5d7a9a453

SHA1
db9bab525141f1b8b03a514d2446484765b7fef9

SHA256
74c7f71870a50b6830d49bd83396364980aefbee917f0f9b1a45b0f7573861bc

SHA512
4b869ff159f9f1bf8237a3d3b6514d2a1324c358795479b03db5d0ef9bc6c62ecb31342e3d960a1a23c87c1d268fa9af6b3f5952e85b306f0d02bd068c466e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e88aaf342fa7d3a174320adec2604dc

SHA1
57d0748c90e1a4d91d9b5a6c0ed60ddf9a5c790c

SHA256
4eae43af3e58688d53edc393e1c524e49b9b5d9f75c566e576dc2a90ed44b6c2

SHA512
27cd31cc49ea35a11fe15971916afef22a4d80ead3a767cdf4fdd67c515004905d0247b880b4c8837d017b07e9c113dc7fa585d17c412479bc9fa65d98c9909f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4118ffe573694b3e1e1ec7290b57242f

SHA1
25140e08c2d743e47d1073bb06317f5204c9f1b1

SHA256
c578136cf8ec547b2eeb58f985f239503a239384cb965f02e1377aafe852ebab

SHA512
037fda6eed6802b4524a443c3d44b62261f005909ac5cc09c22eb96ee849ee5c1eda6b6dbda1ca6bab8dd0744b6c0076e0f1cad51bb88f396e7660c3147c4153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5b5c2afe9b8a46211b4a1d5a226dcea

SHA1
a00b07c2818b813b96111620e8f348c3cb4f59f9

SHA256
8f08468a7ac4a1cfb8955496a6c18244dece2d422944230b312a1a67ebaeaa78

SHA512
c745e4627a181e5fb5366e0546aa00c4a5d0269896ad35a6a81ad972f98b6f382dfa7b97a8ca411044e8b9f97aa1c4286960ef14f45f32413e61c2fa92f5ffe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17a5a367f5d4f3eb9ee156d08eb9f6b3

SHA1
a6793f98e0ef0d8c07e05a447b7ab3c651f11cb3

SHA256
3927e80ca9dfab9823c1281d21d2a0beb01d3999e010cb65f7d7fca0b61c85fa

SHA512
36292d6eb32f5d0c2fd0cca456a2b1bc6bd435beff7af3601b1afdcb731fc607690bb5d8bdf05d6dc58090c5b505a10f93f9cc9e884a87649c2feb9644829242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f237096882dab6a35489c0a0631e24d6

SHA1
12b663d82d228fb6cd95907e6dbda059bd2cee16

SHA256
9dac5d502ed08ecdb9c37862bbe7f6551c5ec62d6c2968085768589f57eac9bf

SHA512
37e5e15b76ffeceb3727e60e8e6378b7a4dbcaf9e053d5b324a5f6ed87de8f007ed04253d634bf133257ceab233ad0ed752bad4c24a0ae36627c4943830e2184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
62815af637d9377fd5ca0112fcaaec74

SHA1
13fa51595044844fa3c3f1d4a6385208e1c60155

SHA256
81320fea84735985e5a00442c81fbe224951526536fd9fd290dda4341b622713

SHA512
94b8031000e692c8d818bf2d8599406b6009a0a78740ad5501809096d2a67bbcddae10c93acd6668552631c96e2d0f2b8506251b57e0c9afb3bf1196f588eefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
27ad1368e82bd00a0fb2b01b51b9aaf3

SHA1
029b83d2f3c804697f66a790aebdaa7cae6dbaeb

SHA256
89316fe32c9b55bfdd75f41b4a7c3a2d3395560d862b8e0ed6e3c772d59c75d4

SHA512
c91e81481f6ab86ef18899f849ba52c91e6275f203b5e8c3f4ab94b25fcfe0af57ae55d1e89c3bbe63fad8c05e9ed57fbe5fb1dcdb5402d6da6d8d9d442b86b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
047619e9bd67c723a6ac4a535b927e0e

SHA1
52b0227596b64dc6fda0b731fb9a324a5b4a5784

SHA256
5a4d1321b2bf8929fa15e2b3e750f85bac7c93d36519cb9f8e990ef84affd9ac

SHA512
7caff1380a3dad519ed8a623b82b9e9aa96650fbf7120a747612dff5ea58b59f4ce9d6fd8824c74933ddb5180787a2b390b877c6c13f18dff29c37f0b954e01a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
d75ce6960cf126a14a47ec7a8ab9f0ee

SHA1
12b0e4b9c778d6dd30de53f2afd9f59d6f2a4714

SHA256
04391ffef636a6eec1070b4d33923dab2e89c0c9ad35c42dbcf2da5415777cb6

SHA512
fd11e0ecf6084d7508af44cd686f6ee8f87e884bc3a7b47fd48c052b6e3d3781bd8532f730e02a115c6fc87ced9463894485b13a0780185896644291f9a66625

Download Submit