hxxps://drive[.]google[.]com/file/d/1AL22zmp1um1wdKdzU4r-6Ixgbf0l5y7n/view?usp=sharing

Analysis

max time kernel
81s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-08-2024 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1AL22zmp1um1wdKdzU4r-6Ixgbf0l5y7n/view?usp=sharing

Score

8^/10

microsoft discovery phishing

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690688676947064"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 5512	868	chrome.exe	79
PID 868 wrote to memory of 5512	868	chrome.exe	79
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 6108	868	chrome.exe	82
PID 868 wrote to memory of 2264	868	chrome.exe	83
PID 868 wrote to memory of 2264	868	chrome.exe	83
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84
PID 868 wrote to memory of 4888	868	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1AL22zmp1um1wdKdzU4r-6Ixgbf0l5y7n/view?usp=sharing
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf5acc40,0x7fffdf5acc4c,0x7fffdf5acc58
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4844,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5088,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4312,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4448,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4384,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4324,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4584,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5528,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5960,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5168,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5636,i,1312636485573233944,9462216049275277724,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4540

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
98b80e1fee51dfc146952f83181c45f2

SHA1
2ebee561db7b828ea9794c4201dcb0f4a1a52de9

SHA256
55b21c7d17ae0f0dda85e506ff438bf4fc8a57e83a652f77d406e78a44248838

SHA512
36bb33d4ca7f274931b2729f88ad80a86d5f511e057847126d570cf4078f25ca26b1067d8775771973401e85e9c98bfb6259cc92920edc1aef282f0ee0d702ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
316KB

MD5
14af3c65bfc20377d5ad0b9d8ef253ca

SHA1
8a3d608e7b92a6f6663c473b0b0f51baf82902d0

SHA256
d1d97346ed1ddd8143b7e48bd6a2d630c8d1a994ff91887858b211cddbde0847

SHA512
12a73b1b2ec57a90e50409006dab168bab08e2c9895e686eb1cadf35f5e00ddf0f7d7a2b4271e70a9753a13c914a1c6cbe192c5ee0c7b4c93e9563602ffa739d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
597KB

MD5
6a1ced6088af220b4e0b8a7855edbf0a

SHA1
935f1340f48ba616418bb59163393375da6ab9b5

SHA256
6a0e37a72f5e4c339912beaa4df49a60272df111bdc8ae86664cfc0581523d93

SHA512
c7a1fa4271b52e03c11c12a4d9fad05a9fcc6986898327fadfba0932efef32a9ad324eabd19bdd0c919a834838f4ddc050c0d7fe22109a05742b018ce2cd06c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
76KB

MD5
e75e077ddaa02015ce4034519830f4c6

SHA1
4d8a861eeb9a83388fe161a917dd896e5f34ebee

SHA256
d3b1a1cf9dfbfb1a8c7a40507dcbcd24e4d35efa91facfb502a1cf108f4b7eac

SHA512
a57b6ac3e864804ef254b04c1b63d7317cfa7e8869ece63ae73638e12e2cbef6b84ab590efe697e35899025e0a2b8449323594458d9ea83ecc562298ba2f262f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
38KB

MD5
684ba770d9d57d26f1207df10c487299

SHA1
5e070343321a495bd6de7f6b557cd51672794b0d

SHA256
d41c384afb93a679670ae771c3761f2469c017355f8daf4cd8ca03aefc4230c8

SHA512
0f0980c770dd729fc60b1be8c689d95c3f264d0f712b80e1b6b511f4eed3e521c8be27b69cef09361360ba9757c4a994d33c8e6b1b9efdcad5c691367c19b843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
71KB

MD5
938e640dab142a9fd0bc386b38973795

SHA1
0fa6d957bf8c78abd587069bb6a44e61d6527a3f

SHA256
d7cd5db9e91fb47a14d82107840b2f535d65ff7e45e2bdbcc10ba9c52185675a

SHA512
0f433260fcc49afecca678d7a0c75b16afd369da53c2edf7580a40e1260bf12f3922cc399e7f8a7f1712a968dd31cfc5cd79b6b705a346a58b2eff4036dde4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
286KB

MD5
ab8921d1c24012c96c7f54a091470f05

SHA1
c725f429cb7e43e65f5ff2fecd65314320c2a080

SHA256
2b4b994adbd1ed10832d9e813f6c5c130b08d9e236c56659b0e2ce141fcb97fc

SHA512
4acaf2589020a619cd12a291ebf84fe8785bf4f2c0031e4470fb54d614d31e93359bea308ea55be5cd77cad521ac60d4ae6c1a649f68c69c26cd3519715c6dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
09a37e725ec91c89338d6484fabbec4e

SHA1
6df8d78cce3ec984c200d7904f60cc92c1beded9

SHA256
9390c16630724d14a65a6d09a7c2a9eb3511ddea3410d4ba2c72a6952018f2f0

SHA512
5a492903cae61ddfbd770e3bac167817314e3b6b6ae2a978cf318ccad3dde3b2dfcdefa4914503fb5adea3e271886472fdb890c2f73b2043677b8186ea2730e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9f072524d3b0fa06635e0a76d2bdb08d

SHA1
4950ba7b1301c4580b8c3250e70405a93bc80050

SHA256
a79deefe1db4c07b5a6145cf6b8bb81a8dbe83087824914f3355cdcf65046a12

SHA512
ac6d872399ba3af2ab1da5c45f90e0438f500a0c3c049e456d57ccd7b918ca8f3bf826acfedd3b0390bb9b6a40926d8026fe53045d5348e4b53dbf00c97c55e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
72ff1a9200e3eae44481dfbdce26c5b4

SHA1
4abd31efe5111e07cfc4ec987c928e72cbef4926

SHA256
0dd2bf4cd5d9c95d1c9680b5328c4fd91feb1e621a4a5e745a7430362c1358af

SHA512
c10a34bcc403796a062435f3427c75233b48c172733141084ef5a9d5be34e5da4124ae4f8a207599c0a8188f869edbcf62e391154971c62cc851f4a4c9b1b73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f965dae3424786f2a83e82cf8d20533b

SHA1
bffa6b734ba387f4b0575a1987259b05b089baa3

SHA256
676d36db2c37238efc17184ed7aadfbc56bdd3e187340bbd09873139c89951be

SHA512
729213f23301b28a504d42673b594e445a479545d656252dd9ad3099163b56c20434ab3508dae9780f140fd17933b61af4646c4a20975cd34daf4835841da4ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e295a4828ac7f5f949a24afa83d4886a

SHA1
5c5925020da29fb3369b372f1e7a878aa6d4e51f

SHA256
543e3adcff8f0fbe41f62dda940c93458cadb746b2424e75bb7c116dabb72f5f

SHA512
d94a31e801e2f1bd3744e4678774e44847d3deab57440db7b2a890d49b0f660af58473063c1433a7d59d77b868903aa900230d1aa10242bfdfa8dc7eba725595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
084cfbb1e54ead5d2dc1361a2f038a00

SHA1
3da76f93be9b1641c022f6a6e083639747d97776

SHA256
1c2a7dd5540596d02eb2bdf7222e91e014b412fd4309a7a510e0ccc37e2eb27b

SHA512
c133c1b6162d399c2afbce7a508dbd77da6a0e1631986787e0958756dc6657e30efd3c1af3d3784b4b71c7c94fada4d663575ef2fb51ef541d777f011174fb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
968a53c299277d3746ce48275b468bac

SHA1
d135596d0b50642be70e6e9e066fef14c0d1e997

SHA256
6eb5c8ada091b1b6c7c1a17aaef8d5d4434b04f7e49455f6dd5a999c5dfdf6a5

SHA512
81d1d92f23b8af3852a3039c4184c5cdfcad3f85b12ed7d72a7dd5d1f90362ad423e40854a7eb6a595c6b20968d3cd47e49bfcff5df674d0ea31281c2a6b539d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd4c20b1a1b37083aceda1a4936481c0

SHA1
df5d4120e4e3ae099031544f36eea22e5d51e06e

SHA256
49f6fe63dc55c0112cf67634c389902f22bc01db7e0207d2f2c632cafb543cc8

SHA512
af1340ee4bdbe3b157445611513d79571f7a0f6bc7b766708295c31972d85e15b6c559b7d6d39261674b54ad1c7737e33df5c9bed88c7999061ea20518eb6392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d92cf2512e97f9d383f718a8623c702f

SHA1
f166c5cbfc89c1c832ff51e58b51fbe13161ac2c

SHA256
55dc9bc12e8fb13e0cf958f673f0a11508749981081372f05c8d081e919de993

SHA512
ab7121b0838e828c1bd6729d45c4272aadfbed3e3027ea6ce69e12aae8cd381c1c537525793b6d5b5728d4578d0e61a0c3d00da7e4b3051c5c5821b6cd1c4240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7fc07f8e3b62305cb540759103641a35

SHA1
cc706bb638d3183d11fb0c94d1cc48bc006679c9

SHA256
bf24b8c1141e26f59db62d042c97fbb5ea1a1b67589b697cc905d70f2b22d923

SHA512
8b674697c9f9f3cef80d1dad71b03f9bacb3cae7b50b53e3340567c33c602962bc483fafed6e952db52c9e96c7561df2ef129d92ba9e028aa88f55c32208bac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
58a2cf8f68fc94bcb50dde26de5a68cd

SHA1
cfafbe4cd4531c5536946a9fdf52bb23ff183a7c

SHA256
a805dd995f8b52de11e1b02e8ea4e225bbda401dde032fdb6fd35e89e6504c18

SHA512
2ad6aadff51dc06de53fe61fb7e51ec66a455432e3c6410d4c618905d2b2722423638e4771bc5391cb99e76d7c8092484e26923ecb5433b037e14b0994918eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
87e6a658d7c07e9a44346b5ec2bb9cdc

SHA1
ccfe1d985a823c92e031772b9bb01508fe11abf3

SHA256
b77ef0a1976ea43d3e7aa046eef8dfe7118c9c9ee4671ec5d1aa1586a5f8fc30

SHA512
aedb3dd6eb9c497cbe2d58893f4bef14df9bdbf60b11ecc87ea1934d03a18f6668a9b049d7e5d3463710c3c8055f2138635c5d7aa381d840ca42588d931eef44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d7242ef31d3e870a6f27274488c6f249

SHA1
eb92f536e37a10775206b3643ff467c757a9719b

SHA256
04edc7a617aea0133f7b4d8c6d598907b4bbcef1ba7686df79e1ad85115d1764

SHA512
5cb40686e1d7aa27c639fc9dcbf7f2ae44280ac6db0be99a3d46499e84a94242cd87ee0b1642bd28add7b61511cd9aff92fe9db4f5a22721ff86bacbaa4fcd54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30a35ff0aca7e778533377a866ef7cf1

SHA1
2ae92ee333c8cb50879fd584b36cd104001ef183

SHA256
05685347cdee3fd36d61c6e03f8f06f23b3e6a88b708bb3671595b7b144d19ce

SHA512
be76398b9b03c9c9788db5026788287eeac78eb0e48791238390afa834730047378164d6468ff920113758ac8f8669e4a8113cc8a4041a5eadb134f69185b114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
1ddf0c6eef48f71a65963455d864c0ac

SHA1
9a855999ec20ca435f5790cc3bdd7e46fb406d0a

SHA256
d98effc04e89204fba7af011480d5617bd26fcb2e48dd5d89c798971319708cc

SHA512
b619b3b7063b3d947500963cd51143bc724b021c8021405ac3a11949e2009bd1bef3278af7275f33abf11a5a1cf168a61e7b22d30c1602cfec1cf6fb3cef7a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
253bce89eb785280f3990a46f4b06eae

SHA1
83ccc2d751e4f384deb7adcb82811028f5c80b42

SHA256
669586edf263457747c376742623e2bdece8cda4504174b33a46949629dff87e

SHA512
2d222aa8f3a6bae9e1a3e4b496b365f883e0689d4b850036269a25a63d6393e70b2626cfa69eb50d070ec30639f62c42b998a7a73a9e9eac8e267602a81fab62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
57a7a6bbb045ff8e810a9a71582f2a4e

SHA1
719de7d86c28a18983556c58400815cba3c06ff5

SHA256
9db5fd04d000ef3345b6cda063483288342c13d41e23cac82bb09055dadacabc

SHA512
116a7ca0b4aa3208f6aedc1ea81bfe4f59a8cdc9c13476c8a3953fc278d35121f8f5f9fbc182fd32ab27ae036130bce3ba65a9722d56cfd55312fbad7922da6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
82f78e532cf49315956f53a36499e834

SHA1
42be02fe632a6503a57b4788660de6162c6bc067

SHA256
57b994d96149eb34003abc09abe9edbb2c24001de051dfe088183095dd138b0d

SHA512
8486481a0411384af1e5acaf63cd9438d3d620f1d0ebcb249754e5cfdb30e63762edc34e5cbc7fa877e8ef4d60e828245fdaf78f2585459f02aee47b8968ad09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c8537d4e3cba530a7fda2f777c8f04d4

SHA1
10f8c65abf933cb621acf19fba6bc50100df5f1a

SHA256
a9b766d556b4a09a5a4a8473f08181d2fb498a865891f51c47e4103ee2694016

SHA512
0ac5f032fbd0ae8dae0dd20c29f631fff0717b6877de474a870de7798587861a0e05c4a3a05d05a00d92ed59cea565c4c568b1f49b1453ae7d721e7b375a83ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
46554be2bda4ce1e8e630bae0b625963

SHA1
327a8f0272c977973ba20a5d882f699d352a5c09

SHA256
df70c332456f4895639a02ca07c5292ad25e67d256ead76e5751dc3edab4a259

SHA512
2deb47f57e462b438ba111d19d95d24cb64eeca88a6c671ba41c857a2757d0bb8911b8256c3b906979de4d6a6eb5489ffcc3fd510a490eb70ce3f74ee93a9d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e25aedfb576aa800d5bfc5e6eab3a668

SHA1
82e4fe7f615b8a847611e668b464212f3cab76c7

SHA256
bc965227ba971b4ede34f0bb092aefbaef86f491a48e803d73dcc9aa30dba5d1

SHA512
c74f51ae86dcf627ecb0df1ff0c18b0d4eecbd1f4851b218b4bc8085fd649e5a0d7e5afb5d4bce3d39032c9675d9fe58fca9498eb7bc829ded1ac80bed7c6a8c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit