hxxps://drive[.]google[.]com/drive/folders/1oFmrY39hpk4mrLOxgLwwaGKTnzI3yXBP

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1oFmrY39hpk4mrLOxgLwwaGKTnzI3yXBP

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
14	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681103998462806"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
4052	msedge.exe
4052	msedge.exe
2348	chrome.exe
2348	chrome.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe
Token: SeShutdownPrivilege	2348	chrome.exe
Token: SeCreatePagefilePrivilege	2348	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe
2348	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 1048	4052	msedge.exe	85
PID 4052 wrote to memory of 1048	4052	msedge.exe	85
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 760	4052	msedge.exe	86
PID 4052 wrote to memory of 884	4052	msedge.exe	87
PID 4052 wrote to memory of 884	4052	msedge.exe	87
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88
PID 4052 wrote to memory of 1352	4052	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1oFmrY39hpk4mrLOxgLwwaGKTnzI3yXBP
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8af5e46f8,0x7ff8af5e4708,0x7ff8af5e4718
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10480291221993307547,15256027397379878467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10480291221993307547,15256027397379878467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,10480291221993307547,15256027397379878467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10480291221993307547,15256027397379878467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10480291221993307547,15256027397379878467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10480291221993307547,15256027397379878467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff89d0ecc40,0x7ff89d0ecc4c,0x7ff89d0ecc58
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:3
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5440,i,4685393396005309082,7645988082066216972,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\42d02e02-6221-4bac-b310-d918a917e5d8.tmp

Filesize
194KB

MD5
537b4ce755179f8103638804b8622fd2

SHA1
98361cd80f1315e29d9f67882bbc73f6075f0613

SHA256
d723728640e32ffb2555a8558f80da1ade0f8c02b9619635ee8b247b72bbcdd5

SHA512
ad3faceb00f9807cdae5c5f114785e26a8a331feca75b07caa12552755efebd6ef32f301388981d84a01a80860a7df64d9bb0282fe56160670453ad2318bcb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ba051cfd7e49eeed4b56ac036b3bd77d

SHA1
e53edb76abebd7daede6f57d58f8ef97e068238e

SHA256
966279e9caacced5cc3343eaeec48d142936e1e65d168e05fee5cff4c2a43c66

SHA512
b93931281a073defc139af36348d025b5429a6952a51361dedcc66962a5caa1bdbcd02a16f0662ea5eb49c0d45ebfb2343448c02934113cb8c8f7f48d48bfa2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
230017acbfb2b2a1d72542ece2385559

SHA1
a0d7aae272abe739068fe688b8ec45057645ccbe

SHA256
09b4c4b219e0fc2397384aad23c7e853e885f5a2c4476bb715ab820612126678

SHA512
266f9f9158acf58d288cdd283df34c37c096defc0e67b0488ab9ae2102e23335df64c47f407ef0ba0a974627940db255b3e3a19abb22961168209e2af3b38f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
829da401e597192892383226830905d3

SHA1
9276b67961554eac429aae95e3db01bb0c29692c

SHA256
b80c2320c54e39ab8d6ecac4669232e342607d4e49df83fb0612421f03d16068

SHA512
54b2ee4b5ae9e9e907b9362004ca5bb839044671623fd484bb9005513b83e3294f8ec6d97088cba69e2efd0fa8bf48259cf043221c74df316b9862a0edf35cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3f68cec79d508b035b6b19ece59b6b0a

SHA1
d708b720f2c5fcfdff4f6c3626c7afaf64d79d10

SHA256
e616c3c38ad62657388b3e28354e49cc53c2b5cc5693a8035319137bb9a65663

SHA512
efbb460b5b7e215344cb3352f42bbe6e2094d89f9fe5a52172ecd95f000ec90f4fc594e285376fc3bf029704e16cea7ce4b2f00e56db4d4bee176f59921edf75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae0000b809ac4ac6cc06c865a3d96fb3

SHA1
3bdbef34713a26891ac2cd69d02196149795a041

SHA256
0d43b5c972d4083e9a25533c887c7073f04b0b5e36d0431b7e130ac768722614

SHA512
b1fc081c70ee8a8a31856d665ada4706eaf6441b7d7775c743fab6265a068e05d60b3a33d3ae1f4d725fcc20e138a5b4eb8e7cd229a5a6faa37fe300f841a330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bb11ca6e9a906b69732dd84a1323991

SHA1
620d239c67e5757321f4f73cd1340a07916f554d

SHA256
e703474a9eabfa05d4b812cffd65f71d5321298cd1a5c8ddb98f13cb118c7736

SHA512
a79d60f51b2cde55e083987971b4d7ed297b464a5c51e14cf7d1147242d188fdc3615debd47fce957814771fc48c9cb176defaebe92e47a247f1f68bb445d725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69d76108003a6726031a18e1409b3901

SHA1
1856b68e03eb4067fc9364aa5801909d3bfd4311

SHA256
368e538f4725b251ddd9acce072f054904de17730ef68ccc71bbce93ffcdc60e

SHA512
ea2ff22952e720b40d9be4b777c06e127f3f24b1b063290b2f445ae344c24eb4e879f20d115c8ecf104906a74e786e8e2255baf722ea27cab3103412dcefeb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
743fd70628f347774df9d9df9a12ba14

SHA1
72efa437bc176a01b3ca94f98b3e28b8014b7934

SHA256
1e2f5e9874b212e999e858b85628cdc2bc2c52559957e1aac7e7b264260cc88f

SHA512
1b4a6d6e8062726835ca9c9b49c5446928e58ef394d7ac6140648940f247af56f269d15726db7c51cf832e6f3a0775a9e4f79a8adf33342577c31fcbfb901d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15497db056389f829deedfff2f8e8a15

SHA1
b9ea104c772e9c15b24fb7c3d628e3bfa598aa87

SHA256
47aef4e723fdd569cfd43d9d162f4db78bf0efe905100af2e423c13716988549

SHA512
3cc29dd4aa3e3f46031c7a54e9ab98d1f00874ac4ee7a6f5c0e2b94f016bdec104ec4498984c9c0b1258fd3cca61740a6ef2310032492dc2f63a34be05e11ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9743f30d297633c391ed164fd8be3ef6

SHA1
4c176d6db8796e337b907b4faab755fc4cc2fb46

SHA256
1ecf9122bf72568457927c8ba19888028f661da5a213884d2b89711dda97a44a

SHA512
0b8b5f132f672c90c9cb64a190dea6258db9a38d36981d82ee04e6a69979279bd3988837ff269fd5c9cccefa3de266eb1a25c668803e2bea5726e5085ed66089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24aa1cb14e67ac21a03d1946a947847a

SHA1
fef84ad49382bcb1eee92e441a849aad7ef55b7e

SHA256
68427f863fa6dcea1f8a5ee3bbfafcd742cb993f3f2c4902f7665145a3c62974

SHA512
7bb7c08a026fd62cd03f3a8c27e29a1697cae899b1516eba5415e097c6a17a4973e7364e74a12c9288d15470b069fea65be13f51248bf99852ef746e0961ee5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e879346d83ad6ae0131bd4952a479e04

SHA1
b502361ce9f42754ab4cdd613394bc5df4147824

SHA256
292393eae576e656aa88105e67804137777db6871e3b7b5cab8d97e594c0957e

SHA512
b851482d66a93f0025b8ffcb8e3c43c941ac9d22a81e1c20cb36a88605941eac3eb0fc03940b0a1b2968d9efb4cfc03be99b1b797450a7ef59b1f671cb7fb76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce29f26a3eced272c383c9c46e3f6247

SHA1
338b1413edd480aaf46f348a3c275c9cc5e65c44

SHA256
2c3f9d77835e7594626b573e4bc13abdc736e29967fbbb0731aa8b0af72c16f2

SHA512
c73cfed65aec617270d0a6b384306c6c484368cc263aba00d95a7d30b30a3f2b7bfcf476b55368fba8fb519b566633356b151168079d2713b3e5e17198dcaee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a4aa51ada8c7ebe5d3e38cb9bf88d19b

SHA1
c7d3372db191568b8ffc216253938badaa6afeac

SHA256
d1a9e31bc923b09a0831e18d4e27bda6057d4d9487b9a72be5ca4b611aeb30a8

SHA512
cf679508596ff52789592d0e36e97aa51a5bccbaf66f5ddf3edf09867e14fce58b0c5506ab67051fc0b577eaac3fa2db4b078e31e26d8da4f3b094be989bdf2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1fcdeb05ea1dec00ffc75f78fbd865a7

SHA1
8d282205c9db0fdc736d6ea5a587d1c1e07d2187

SHA256
cb1643ec7e6a83bf48327d6151f725a570a5db17709c096b0e0fdd296af0c009

SHA512
8c236fc187a4454800fc53530152266aea5e07c3fc7dc3d4996b4cfab84644e0964723fa73004d881b1fca96c3f357db54d5f2cf788183f311c87b0a247b70d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
69a457e468fbedce26760668437b19f6

SHA1
bdffd09df4f02d0150700f70a2bad3e61bfe1b41

SHA256
b173f5ba02283e14b73d820640ffdc5aa909747988789836138cbde5452987a6

SHA512
025d244f0995462de0de18a011805a197d2d06917689b455245242a3f4debf7af14a236e72eb79321da09d4540c6f97ac3efc7f3f50659e361298eb54eee9d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
dbaa6082ef88b0775468e30c6c459fc6

SHA1
e82617de3312600f1bffe5d9609421ff89bbe612

SHA256
883cf266c210f820b4de1fda97ecb713706f7abf1f8c68d769fd26ff2d38d7a6

SHA512
e27325717b0266fc9e93a26e7d680e790b13a990577266c0c653329e37824e38d164c4fcd1b3aadbf7a70dc4ea04f89c1958e483de2eb9e34e12f9843e7fc657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1efeed1c68f8c5cf92866718ab0d9258

SHA1
d4327e1adbef1acd75b6d2ebe457d319d41f1ecb

SHA256
96a7fca1e95f4005c31912b1f7e23b3afc2218cb20f0da06dd2bbabaa7abb626

SHA512
f69f199da31b10506b8f5a759c5c1039de41a130464b7a65d2834270838d1fa21261d674c373496bb0b508aee0642d8997e5ad18eb0094c0d4aca744204fff8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
94db6b6592278506e6fcec4d32df004f

SHA1
7b5bc08e51eb07530df24bbf2aab97d873e95238

SHA256
97431d5110b041dba86037ed53b3b49d3d91a02f3105491984f8200d6c8e7f8b

SHA512
3187c8df0238926c3487916f576d873763143fca4ea2b1baa202cc3a4f757fe9a328ffe95ef5cd1bc47c23d362cd099b1d310902417dfa16f1c9f5257c150c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
383d36d2f5b8b08848f2c24c54124acd

SHA1
11588acc702720024aa4d7e0e5505c71ab9645e4

SHA256
c8d2e25549678902f76cf3452d7c5217141b0a6752259a5d45a6a04697dfcee8

SHA512
5a1526b029229bd925ce5ddd9381e075c2611c6c8430254d2fff187872bc5a8d1fdbfc15c61696b6f77e1987bc34407d55bed27cf042ea9e1eba2dba89bf0834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87a4a7f19b7f3631c0b2f373f4cd32a1

SHA1
8ddaf7595f6054044c78dc6dc809447ce43f4b2e

SHA256
f84c062b41cd7f684b67a835b51f43346e8d37404ec23140c2e3623207493589

SHA512
b7a53c18ecfcfa216f98fd5f8b7817f348feeef144743e472298f63febae3c4d138023a18aa52635f26f923141082a113924560ba155c2618defc2ec8bea7c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3aaa12e876df00b1af0fe2ea12025e2c

SHA1
8542bd4aeebf79bb3a7750604b4c47c7a1015155

SHA256
041f0bc0d353085eed4377b1aa1afe70d541d6779ad1a4a0e20fadff0664926c

SHA512
e34c72f5a63bc8cb907fe8c3975c198206b78cab97fa31f2b64e0437c65210cdfc3744b8a4729a705c43f59dff18a0933c9bd7d17015969c32d443dd6e56ad4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589611.TMP

Filesize
1KB

MD5
250793e1a7d81ac435db1a296c39437a

SHA1
dc1c84acdc04bccd7c0cab4c2de367714c8e51b5

SHA256
4be4dd53f6956b8190ba02a34d689ff493f00f6f6a2808f829fd63275495796d

SHA512
273798fab586abd0c81f8758032e5138efbe16fa13ece08e95baa05d22c0b79a22daeee1efde842692c1282a604de9596714a23ca2de759432f85907ea163562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad4296987d6e5b561aacfa2681854071

SHA1
ff61280792b9e4d48da1500a3802d144602e8f11

SHA256
77c682b66486c94e672264617a4de100ab97d0e3793bbdece120dd96ab7249b5

SHA512
766f7f64caafe1f86b2f1c8d74f85910e40a3d9edac89b7874b3664125ee8d7bc0de01dae9b9d34b4e858e15bca92dc7d270471ee9b17e9e804215a1057ebffd

Download Submit