hxxps://gofile[.]io/d/LOwIP7

Resubmissions

01/09/2024, 13:41

240901-qzjg9aserf 4

01/09/2024, 13:40

01/09/2024, 13:39

01/09/2024, 13:37

01/09/2024, 13:34

01/09/2024, 13:28

01/09/2024, 13:25

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/LOwIP7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133696708587281079"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
4916	msedge.exe
4916	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
3996	chrome.exe
3996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 3220	4916	msedge.exe	84
PID 4916 wrote to memory of 3220	4916	msedge.exe	84
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 752	4916	msedge.exe	85
PID 4916 wrote to memory of 2512	4916	msedge.exe	86
PID 4916 wrote to memory of 2512	4916	msedge.exe	86
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87
PID 4916 wrote to memory of 3052	4916	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/LOwIP7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae1746f8,0x7fffae174708,0x7fffae174718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15497173250501529448,3867942606773605900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff9e5fcc40,0x7fff9e5fcc4c,0x7fff9e5fcc58
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5256,i,15055074185796692999,5604134685763443982,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
42596aeb10f0e0b8d1f745def3a1dda6

SHA1
3826879615ceb708193322706b10e743c73eea8b

SHA256
66f1cf1358daf26d7955c3170db25908747513b5c7d698291760ee5f866a3e0d

SHA512
8fb7d22de82b4f7d4d8a02e3040a5fd016bf5041ade63be3ac638d499871e17caad6787df6b22146a86d56cc37c47303dddd14bd598162c37c98a47da08a8228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c74fc2fa3e748b2abbfd40faa8366e57

SHA1
646e17ce7ce439f4747a08178606827669eaf95b

SHA256
bed487bae85a1d1c20bfcfb5b4591fef5801a1973298b27bb8f08149bfd367b2

SHA512
0c30a3f6b992f2c84a5462582579ef5348a034f6b875df2af2afaac8385f1fdfd456e5f7264984de8c5e6961ab5206fc462fa89da90a96d01031df0708b8adc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e83e7b0f099b750a2b8cce0a7a604deb

SHA1
a97c926381476f2f8810c9015b1ccbf5f7b116d9

SHA256
ee03edc759aa0b8fa8ea9d5f996996c719b8353520d7b630f2faca5623eaed7f

SHA512
a1430a93f080640ea7aa65e078dc0c8e08a32e058e57c1455720f4784f33a78ad1f8dbeabe8e10f4f24a99617e04588880dfeb3d6aaf50f623fb0a811aa4a96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c406aa70-c58c-43b6-90f3-2d182b5187da.tmp

Filesize
356B

MD5
8c5054fcba3df81fae1405840c503efe

SHA1
2a9e322506d0cbe44c9993dce7da987d1cc18d9c

SHA256
ab47de968fa7f22c959b10877e1ea40e5cbd60b0eab91c6de94969f87d8e35cb

SHA512
b27914dd852096cb2f2856b6f4ff1522068518a21e2cef2bfe4dfd7256ee19dae7aa8697ad9b4c4de8671f090ef074c07cf796336375a4c0336f4ab2ebcedcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b365f5e3a38e10455f65b0e9a6403cd9

SHA1
c6315bb6a59d15b6cdcc26d6f56a496c68dcf8f2

SHA256
ff207e2c49959bee3d0884d48f8addf66113cdfbc1de049999ed8fd0be6eb4de

SHA512
ec88a4d19d995ce31f5a0d94bbd8dfaf948aaad9718101d6f43eaaed46d8d514c71f591e87e22c97eca9a024615100d1b2fc3c328444a8184bbe4ae652c8915b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a996631bbd18f54e37719fc16aa413a5

SHA1
5009c7c9de06bd3c66554448132c5418dbf0ba16

SHA256
47f39d453718fc725c05a2063bca6f8c3ac9c2f24e0eee37f07a8d835e44c1b1

SHA512
483d41bb6a25f618af89cfe1a1e3d522a75766d4fbdd69549b2cd03c0e4d0fc2dbf46e1bc69c3cb2cab183ec9ffac169b828dc9e14cb2aad6014332348d32619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e37fdfc18b659df3f84981baa9629121

SHA1
a0046e6f6c29e4719e6b8bc2453e7c033ac5330c

SHA256
6d15aa76e1a2c221bcca0bb57ca1cdd0b77a036b9af8701c78f08b5674ecf795

SHA512
6d3e84b831d83a6cdc23821aa6dead4504b6f0f5754eafd0a5762d0a0dc0c93ea3b4e7ecd1d3bc4c699e7baff4370ce86fb4200b9f47c91d2186051efd8378d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30b3ebba9602bad30b8788d1ee89087e

SHA1
90ee93f8fc87f3b9c11e48b8a928326e5ff0959b

SHA256
35064bc9e0349bed415450d31e9799d4e2eb5d44cd17cdd8e7088b6d2521cbbb

SHA512
8f5b3d988e4ce35f340e5421a2d8e860e589ae2ecf34a7d6984d3d25cf67e794c6c0ea30b267084e559063c45dd4f0716fe65e4618f0feab5c9bc9719d2a7b32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
719186c6d6937f1c671624b0e7108ace

SHA1
95544d8adddb7682438c8ef41f98847316ab9f43

SHA256
65ab91839e5f3dbc0c2f15ff85c778e9674e5d389e6ead810e06e3d65c607fef

SHA512
9e3d09a05010f1a365447f88b232af0c0a190286cdfedef3ee98556185410db43e56651a29414af33bd717bd8df2baede13bd2796f1ef2331d6019276f94b800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8b3adf41b36291ee8f4806ff074e6e30

SHA1
654bda5f927c51d8a9244b34cb59e7fbf53a41d4

SHA256
2d5cfde431ddd38ab91b1d2fb64f82c04bb4325bc45ad716a508c6c01df546d6

SHA512
d793d99772e63b4b8fd4d264db0128cefb908f9673718c13bb15caa28b9fb3c24a7d4857d1316d0ff7f3a11433f227c1c06697805739bf58b3bf697985cb5f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
a464ef42c6a16f7e8bb21ac1235e2a06

SHA1
f60c6d6b389c9f0601d0c81d7946fc8f3b5ce93d

SHA256
d14724ff83b0d44d98c38e71447b2a85eb0b7c3c7c59a96bab2ff9d7c546ea0d

SHA512
66799313f6ba3f57a80d8cd8f60caa797a0c54e3ec19f4eb44c532821be57e357ed0d4f5cec61ba4577f8643ea1e60d27d57e3b777b5ef11f316021105bda0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
53ed6ef3fbbd4031812deaf66fdf1f5d

SHA1
da31658f86fcb64f30538dad6aeb828939a83322

SHA256
f6a5b0c4264e449229245ecd312d4b03f6616bd8e187c68743ed8651232a0fb1

SHA512
1d6fc4bfc48774fb7356840b4dea107cb7ad54942d2452a62491311a4d711609a234bd54780120591351c9ddd8325af4747df7f672e97eeb2435c4bb63c1affd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4a610c5285b64596338abfdb4af0a1f5

SHA1
9bba8488100bc21558cb73e3089e84a1562b5419

SHA256
aef1e457525d1b8aacff2d114338706fb00e6537d847b560e12f2713a9bcbbe4

SHA512
c8d32450524344451fa9fc6e39975543867d845bbadcbacb66aea2e1262aaf478e3409d8dbe3a3622d1319da89494ba2a17119bf9c1d80099a12644430dbc2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
856B

MD5
1eccf1287cf82440fba6554a3fa1e8f4

SHA1
5653eff368e03967fd59b3feafb2081b6bf7a72b

SHA256
61a5ec0a1468395bb6ce6c0b31d65409cc49d0ba5463494311fd74f8c812038b

SHA512
fda73c5ea19397c973b21964be183f263e9f2d689e5dee656c9fcde4da13c58ea2aa3855ef988978fb4eb1e1189bce5b02407c69f681cae6f04c99cb424505ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b423102b1ad6ed10ab9cb9dde0504f2

SHA1
a7940157c90e1e5b80fa1132590b68fd7aa6e4f2

SHA256
eb75622410051ff84dc2c51f8eab187dc2797d1a15f77ae684f0068dbb32f179

SHA512
14aa6968a22267b83274adff61382c7d32bb96be478488e1b12a2517cd5dc10da72bd792ae8f6ba4147fe1ba6a8e56b465f5a43458aa6530b27a8339e06e82b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed3eb70e536517b7ec443329e196d4f3

SHA1
d2a2a160327ff3f8fd32ae6e57eba33691efb3a3

SHA256
27a911d488313c06ab33e179c706041da72dfd5bb3b8d8a52ea1586526ca7e91

SHA512
b8837a435563b5236b82e71676fcee2023f5d8e2f9d0390a1f6ea2a60dff0a995eadc965292b4746448bb6194930360a0cac853acdf42c206060bb4ec30e526f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a64aba671df565c4c418f0a6a8ee0b98

SHA1
7a2806725f10c1b75cb033532c01c147ef510da3

SHA256
c4dd8d719a83f93f9a3c78fbbc6c0c5b8e58e39326f99aeac280f7d7a0ed7475

SHA512
184bfe5ae10f82da5437950ac8e5aff2c2cb7f7b76fc8c7bdfe1aa1fe16acef6f57d802be84ab9e56f613fa7928b26279d9cf4fd46ca0293f0d68ece6f48693b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6afbafbfff665c2e261ad6cd98402137

SHA1
eece1a6a110c808edd0d7035382cc7a33ab0219e

SHA256
5c4035c7a0fd9cd7bcbfea89e54d80a03ded0033f7cd0a314423c99e4e6c0abc

SHA512
6d451cc4ab1b46829180b8f2c136bcb33a9fe6f378a5daea060a0fc50129830e0d4a28def4fd00fbace6303d14be268ae497ec429da09e979d82c0026af58189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
768d812e863b260b1a3f8eea412155a8

SHA1
f1c2542145c9ff230c0ec120a189ea6e1a605f69

SHA256
1fb0fec01212b1613dbd7cb2c97c94d71bf3a39006e5c5851935fd9f17c612fa

SHA512
315e01192edb2308ac0af69c78e3342b80b763e679139cddea5f28883132a2c99cbb15f67f77f48465dd628a1f2c427cf9b09d153c4b4aba798f53140983d859

Download Submit