hxxps://drive[.]google[.]com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view

Resubmissions

01-10-2024 13:00

241001-p8x7bsvbne 6

01-10-2024 12:58

241001-p7rm6a1all 6

Analysis

max time kernel
77s
max time network
80s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01-10-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722612005595640"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
1184	msedge.exe
1184	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
1720	msedge.exe
1720	msedge.exe
2968	chrome.exe
2968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1676	1184	msedge.exe	79
PID 1184 wrote to memory of 1676	1184	msedge.exe	79
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 3900	1184	msedge.exe	80
PID 1184 wrote to memory of 692	1184	msedge.exe	81
PID 1184 wrote to memory of 692	1184	msedge.exe	81
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82
PID 1184 wrote to memory of 2628	1184	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff10df3cb8,0x7fff10df3cc8,0x7fff10df3cd8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17540374252312286072,18203229757392486932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff108fcc40,0x7fff108fcc4c,0x7fff108fcc58
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1408,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4428,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4540,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4512,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,16768436897511034044,9059882400522777831,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:2560

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
176b4fc7e23250bd9fc99e3e993976e7

SHA1
1fc3353d902b41f379bbfd60b5840f251280d433

SHA256
92119e3d90b2d2748ef54e77ae2bee5c6f1d5c866a501cdddc5848cb220f7bc5

SHA512
a86b208d17e561de5db553e7757e26b888f630c31a24219d20e71defe710d55684f74aa011833f3488a12b5e5e4bf81878fd6f0c65e32065dd6d0a5eddc6bb88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
22681346d2699a515fdec4d4324b1a9e

SHA1
874ee31da96ffd3d30d72d03494b213a41f2f5b6

SHA256
f732f7faa38aa1cf3771f2e1303abe735fd4440a5246e0e679a4195cf318c54b

SHA512
67307f4865c4376ddc42be250ecb6705c93dcaff1fdd962bf2fe8d9ce399ab2a0c985eb8df0ea982cbd18121eae141bdbf4602dfc43e5f1e6bc8b074834a3b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
26459204d8cd369e87d3c31c7100b2ff

SHA1
e4167d7ce3ee660cd0225159a93f8af32e6293de

SHA256
61900418fc7f181588a8e54a5091e331cfa84a52f10ed7765f3c199fbe83d45d

SHA512
9056c45b7baca331f5935c8ccdaf28c2fe002cfbf20c8a54855f2eb22c6529da93e26736ecbb792da7872b319028eeb9da565e9fe21e895b1b421b2222e604d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f12caae96425138e5dba544742d90cd

SHA1
b1553d410efeec0d19581b8de31cf550c8a019c0

SHA256
1381eb130b8153d61040c353bccfc9b66a762d7f955cf8425e3586186a9d5319

SHA512
c2b764e07e72e46df56aaf30b4174359c2bb856a25dd9447a986036c8560d68814b6318c26b492054e6f65927b198b5e408295a35388559ccd54b1224bcccbdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
761a198dbe034aa9718fef9db942d3df

SHA1
e4e50fb5e69cadf86671222fa1f4e398b4d052b3

SHA256
c85b1bde1e8374b92490ce6554eff280f294c09ba7190330cdfee39db5377586

SHA512
98fe4656922ed29f60aeedd06ae4e9cbfcbae7f16f4dd33ee02f41470659457a32fb7f2b6519f9493d16ddfeac7029b3296fa0a380dba6e437077c5bbf69c81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5a6e78307b029065e9c891469a2f46d9

SHA1
bcf3247ace469da8f6e201e0e49cdec7b4e28d8d

SHA256
6ec1688d04d60805c33f6458521fc8416c4058e74d19203f4dafaee93ec8380f

SHA512
a9b3bbf94968b3ec751ed9bdbf292501efdcc723d082ef52f5ff42f9c16fe8ccca1299921766c6e85f09cc98eeeccad0e9a875323664d1eba2213f415514f726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
246fb6aa08c3b24c56da7c3a326cbcc5

SHA1
e3a55c35a8f2e044f291ec4eac3b3fb15c24a43b

SHA256
79afa7f7b95b8d5875e93602a1df0c013bdb6e212a0edc56e0adfec1f67199ac

SHA512
e873297419dc6967dcf70b57baa4adb14b4bd51f693ea93ade10cb148ca9910bc83905b178e5f574e7d3bf9b2319c4cdc447a7a3174647920401e5cb95a6b74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\334719e2-b09c-4cd5-97e8-dbd91aacad40.tmp

Filesize
11KB

MD5
517654da051c84e81faa1063d09ff9d5

SHA1
39645ef81962ca2ec53af41842a435c027bbd651

SHA256
58be69d76c05e7b78a041549f60115c716c6c5d8e404aa1dd1c3052efe13713e

SHA512
b7edae92e43af7b8aac87d137d325918abc956c85a6977b118488b670b87c4ab2eecea709bebd0bd4d6ace7bc12ec6e5b8b8a6fdf7ce208d79a9bf2ad18f2852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
42f8a7b12dc5064c2831a206a4d4e564

SHA1
e5cb2ff0859a1732d5b77367f83604cd2a95bf91

SHA256
da48bcfe358dc6db094183646dcc869ec67860fee367d3255349c996d6133bf9

SHA512
b8fff00a6ab102061e91004860ec612cf35159606d5d9088993e784478a931470ad4f1ce2b3b634de75cd46effc5a54231563cdc677d847c4795189b7ddce4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c46eb2ff978648608917fa1f6727e116

SHA1
192ec99646a71e14421b3fb0fa2f900b63ca3904

SHA256
03f992f38e69fce4515a734be176d0c64bc2abdfd57cd7396433f88452355d73

SHA512
8612907d5b0a0783d34366ddb3d62b1dcc9b381fd5dbba815e5572995eb43766409fb487ed3b7dae2123429a5b9fa27814ed5e8d98dbfc2eeade93e35ca81037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c2e116945ee20ab608dd7cba0b4494b

SHA1
53aa693b996de37a265035b38251c0c509249f5f

SHA256
6ee233ea0b257a377cba5f6afe0eb3df1dacecfacbaf2cc7efba9ff926ca71c1

SHA512
7815562d287c3d8aec719840a829ba3ed1331e061efa0e85cbddf015f76e5d76ac9ea9f43fccae822cdd672a5ef6c61f5c86074c52f1ddc5ab004668a5bd78f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a7c71561f306dca5587eaa4c2ae98ee

SHA1
f6460f19a7286bedd6779d4ff33310d9809a29a6

SHA256
4008faeb36d44f10272c8ec6d6e247fe5787765775e90112d9adffe41765fdd5

SHA512
e88f24adaaeb39615b1c7f4bf8526be27a1a9fb60c067ac608a505e1b261d4363a98a4d30ffcfab932c34184881816141a41b0ea4487361ba24326eba8b67b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f409003b17687202d2f500641947ab2

SHA1
bd508f11e73e207e75f4a327d2f9f83d18af01e7

SHA256
6a02355deeaa193ccaaeaf795aa4dc8f77d43d85cbf29d9f40fe1d1caffff982

SHA512
d5604f053156f9e50b0e44d7649a1f137d777e86220786a8ecba1c42c09c6e96e7ac7d2ffb671b867c093442e222c9ed78b08e6aa9471a015babbb711a181949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59c38e763acd251d532bb269120cf7ce

SHA1
1b5da61bf848aeeec0df9c8b17af0b1bb4bf35e7

SHA256
50417eee05b4196129365d4442a59f0299c6ef14975a9c05024255291ce6529d

SHA512
7593fb4553c769c5943a50353a98ea79eb4874699319e75947c24d277c50e4a629a4cf409ebc8de0577aa7b3152ce4226f36467f31bcd9423d2af77bdd0802f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
40994c15e803c671fd00268dea52b9b3

SHA1
dd38f1e2f96eb919bd8aa4c5d5f6e777b1ff6f51

SHA256
615975c8fc118581ed736c09acaa3020c202c22123fb86a10be13fa7f352461e

SHA512
dac41339268e3b6e40f87c2cd5b5e1892a7a77a39bdae59bdc59a5bb145ab75d728ef98a244fd53415c0f3bc24fcf9b475a85a8b6f9aca1999d18cbad6db9fe6

Download Submit