hxxps://drive[.]google[.]com/file/d/1ZENF_tnkb4B67tLqTN__6137fmx4dYBY/view?usp=drive_link

Analysis

max time kernel
452s
max time network
442s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17-09-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ZENF_tnkb4B67tLqTN__6137fmx4dYBY/view?usp=drive_link

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2496	101LIVESfplus.exe
2280	101LIVESfplus.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133710068956097825"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeCreatePagefilePrivilege	2520	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2496	101LIVESfplus.exe
2280	101LIVESfplus.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 4688	2520	chrome.exe	73
PID 2520 wrote to memory of 4688	2520	chrome.exe	73
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 4640	2520	chrome.exe	75
PID 2520 wrote to memory of 716	2520	chrome.exe	76
PID 2520 wrote to memory of 716	2520	chrome.exe	76
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77
PID 2520 wrote to memory of 208	2520	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1ZENF_tnkb4B67tLqTN__6137fmx4dYBY/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff16079758,0x7fff16079768,0x7fff16079778
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5128 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5488 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2184 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4640 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:664
- C:\Users\Admin\Downloads\101LIVESfplus.exe
  "C:\Users\Admin\Downloads\101LIVESfplus.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4372 --field-trial-handle=1840,i,15969803471027285014,9062783580075794319,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2992

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4212

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3084

C:\Users\Admin\Downloads\101LIVESfplus.exe
"C:\Users\Admin\Downloads\101LIVESfplus.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7ff6248b4c457da2205307daf3c953cc

SHA1
f55a15456006cdf494ec9412f2597fb089acea56

SHA256
92f4fd8afd806a2d629c7cf460241dadb2e7965fe99b5d8f27ed885a60657457

SHA512
f56aa211d5f122f5c2806e23ab50bbea4f348164139a193b823f862ed25a746884b9a8693c92ccc9e7db84bc23e0a10e5ec0ea73e5d903cf4efcea31644a8c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6c51b71844fb8fccb4f4c3a747303214

SHA1
9032fe8d5f07202978e7334ab8a417da29d23715

SHA256
e0b4185ced64cd6432ec9d780a919707ddc591768d29879096007b0917274c5a

SHA512
b39dc2ec90169ed6d429c324c958f8c66accffb6ca9fa129ca0177c54f7d992254e4cf5ec8e37bd9a1ac3371d7564c662144877add50b614aa913f21068ac370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
48bbe2ab2aedba368d017548adf23e4e

SHA1
603c1c577d67ee8ce08e6eadff2ab1a64f0ca620

SHA256
980ca50c3cce53178970892d6c7c1c2c0784630815254d4fbe9798febed071f5

SHA512
7e6c70e42e7c12f35b5355e446c1c66fe2e621f7e96357af66b1357544cda322b0a13fd1eebee98b49a52cce22b8cdda3b2764153e3fed0a9a4343e3628a2583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b27272a9d0becf02f2357733b7a598b7

SHA1
f0cd9d42f6dba6a1acf631f0db0264770772f897

SHA256
0588bd974e91c6b00e05ce0cf94d9d7eb0de1f7aa4c91b7abd21ed4c087f9837

SHA512
6f332ecd0cbb9cbb17eb765bbdd6cc5ec48d8f7fa65e6d1cc97f41ba964e2b581afc65822acdd376790d3ade93431b0cda935408a7dfe348fc3f7fcddd071421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
be701065cb552d62ffc9ec38d2797604

SHA1
01108f15a9be79240ab732d62a85b3749dca01da

SHA256
adfd350799c7b9118c166346692e4188941cf93c582478687b3874a4d45fc1e6

SHA512
4943b7d54b2c72070a57f7fc824a5bbec333dd2d7780d3422d1e5b12e2484ad19ea4cf5028408c10afda1a799a61e291f4cf22c277d7551bfad39b8b31eeebdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f78bc90d2809ae98a60b2aa518a03609

SHA1
3231b899ef441569a378ccc08a1d84cd69717728

SHA256
4ea5e4eefc3692f08af9e87d11c54188b54ccebd2cc1c114028ad54be024ca5d

SHA512
8db26c1eb189d76143756a42bf420cc2500d29f176c9531e54007523fede400b2a26ddf77b1d7856b6c3b70f4ec3ce8dd386663d6255b7763477d73e8c60c6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
98d6c6b233f1298eaf650b288ca92d65

SHA1
92f6f8a7ba14f280c8bce977df11861a99ba18d1

SHA256
eb44b57412d0e8d6cbaec94fa58a22de28ce540af22393732ad5037da1efe08e

SHA512
7caee2090c5b252869327e9435fce2eb2008e865dcf4fa5fbe6b7f5ac6ffc34c072b42964112844aeec87a865974f7ac65b32d317cac3e2bd71dbcbfce0234d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d2ec0e22c4b46ececf85df13fb1eddb5

SHA1
c163531c524f8577d57e2c48adc312c7f025f1bd

SHA256
b2f13fd4314d045930b2255e8654ef47947fcd06f9b1115b7e1f21f763dae79d

SHA512
0c88ddc90c14a3380ca95306296277fda6c1e033bbbdaa87542b0bb9e138f2a928b5db4a76b37ab63754f72212d9fad8d90157ea1fec4da7a4a3937e5d82380e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7d0119c2cde51f36907c4c8a14c64404

SHA1
8aaee01665491a5550c50c3ec6439e57ff38493f

SHA256
4f70cf2e358759df103d05da954be809761c0046244f6bc726345d9dab00aac2

SHA512
dc0f1e5c599b2ce1c84289df0d846526ea56d1e151b8054fb11f74cfa5b95a4ce40b13daf4edc55e1ed44a8df317cb12a996fabbf9893e0d0f73531503172ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e14fd05d57798e48aa072b42ec84cbd

SHA1
0a26114951f1ccadaba7d78981c54e12a5c371b4

SHA256
071f65266c47906d1a81456cf4378a1f67b9020fb6166bcad3634cf73d81b474

SHA512
15846f540ea985fc502130f7d56c9d7e4b6f398eacfa8c1b0c44a867f9ab257cef603ed72a38f69d8a0544db51220f988ef34e2d79039d3e094c9fe4fb682438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d12d439b4c61dc21d8ccac37f95f1f03

SHA1
e6697848c2402ce3a82b361a7ce5e3f03eea7f23

SHA256
284e6535f4e7cb8f8c82a4795abf78df7bd0aaaa5b22a5650ff772dd7bfabfb2

SHA512
efb7385ecb97f3fa8126b19456f56eff94ff1cae7cf8c1941b0c3cccc8b91fabedcba78b0995380bbc8a5c7b7033641592e54f631a7594449c7fdec06139bba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
478287fb611c263d45b5ae5a168c7792

SHA1
1975d5b9d8ae2ed1d12a2974686bcc95059f4c79

SHA256
308756802aa1560fa8c66f668877392c94e385f281b3102aea13afd343bfa91c

SHA512
819e69f9c71a921e89c933a4c3a79e2fa41dade154645450a83c53ed6da3dbbc4bac533520c39a187a966e9b75211aed283c7e6f034156fb36a3821ecfbbf40c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
178KB

MD5
1eda19d7c13b55d270b384040d750cb4

SHA1
73345b521f6da12a9df59bcc4c570128da424594

SHA256
a2b6f2d5247c1ad3ef4844d0b2d4f186921654b3f65592923385a74e5839ff7a

SHA512
7071608a872b9a35c026257a8729ff41ed43a1dbb4a7543357f6db704c59420f62368367d7600aa9b3e844134db6ef62ce344d78b1da49ccffa1206d39e29fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
a19410fa388fbe108ed06c433727f0e4

SHA1
72c57359e4311e624292a9ad2991af82e31c0184

SHA256
771151fe8b4d4501caab3b921a229494954a99818060fff9256e0566d64dfae9

SHA512
8f414020a2ec0980816dc087289faf7ef59705ac646dddfaa90545ba67cd50405887c313709798fb82348493abe6e8846f24fd092996bc9391b2ec319f976cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
73927cc37ef99a853032cba16a1cf279

SHA1
0245ca2fa641672879e940a1ae8854398ee30762

SHA256
805f187fe2864fc7e66ec3fb09faa71edb919ebf1ac4e63bd9a514e45fae6bbd

SHA512
3973d3dc9f3a6fa6c1e4430406efe087d0383021bb339e87b5169caf77986c8ae19ad8247a105d3df33e2c1a1e5bc8e4b62c4a235da16012f0479400d9c3f4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
af91804305db9e56a4c6b2872ec17fd0

SHA1
bb985e861cb859bedd2e626cee48e5fe93f06432

SHA256
32a5444a986acfa9203cca0c0b6e953c2702c0f3c06fe870c62f40d07555d135

SHA512
9eda92a10f2111d85ea11808bc26f4b1a6e109f4fb048020c6cce81547870d7fcb62056879bb5d30fd46368bfd4316efcff3ba82d9b63ea85162af6a16047ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
c7d3dfc73062b718bbeea49d4950fc10

SHA1
2b71140a70d5bea0b090acb740dc8814d91cab5e

SHA256
a9bc24a0d906cacb12b7fb7cd16c13f58b27caac97c668ff6dbc6e8c6372651f

SHA512
8e792c4bbf577128a886033561d6be055cb66651a08e66b23cf5e2509e423cf630d4348ed72d0e75cd62edec2b0c39eece4abd51e42850b68105eca35340f813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f414.TMP

Filesize
93KB

MD5
d40075d54026f15f31c71aa224107a92

SHA1
1b4bbd3894f044c677f10d6d14ddce6665179f87

SHA256
0ea2e9a02b51410b2c72bb5184d124a15f487a51c84d24bc50cb62eb148ad73d

SHA512
d9ed46e8bdb45ce8de4b75e2c4db01ba387e073523d4692d6cd29de31316045d4fbc893edc8e524b186b4046df86597d7d828060180ef5c48be899872506faec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\101LIVES\logs\godot.log

Filesize
179B

MD5
ffa24e096c57db81db8ab357889edff7

SHA1
3e81e5b065cb63832141e32aa5b30c7f64326c0f

SHA256
cc86390b3115abe9d4da57a3e4c5c394e2b5f5de1201a22fd4b30c39b5288676

SHA512
eede22b69926888691cd37c57929c850d4c4e70649e3edb170f713c36171790b59157cada3388f87d8bbd28f781236ec3b47055c7068937d4b11d4f42f7185fe

Download Submit
memory/2280-344-0x00007FF7ED4A0000-0x00007FF7F1820000-memory.dmp

Filesize
67.5MB

Download
memory/2280-349-0x00007FF7ED4A0000-0x00007FF7F1820000-memory.dmp

Filesize
67.5MB

Download
memory/2496-259-0x00007FF7ED4A0000-0x00007FF7F1820000-memory.dmp

Filesize
67.5MB

Download
memory/2496-172-0x00007FF7ED4A0000-0x00007FF7F1820000-memory.dmp

Filesize
67.5MB

Download