hxxps://drive[.]google[.]com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view

Resubmissions

01-10-2024 13:00

241001-p8x7bsvbne 6

01-10-2024 12:58

241001-p7rm6a1all 6

Analysis

max time kernel
65s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
101	drive.google.com
102	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722612657526730"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
3088	msedge.exe
3088	msedge.exe
4276	chrome.exe
4276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 3880	3088	msedge.exe	83
PID 3088 wrote to memory of 3880	3088	msedge.exe	83
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 3172	3088	msedge.exe	84
PID 3088 wrote to memory of 1848	3088	msedge.exe	85
PID 3088 wrote to memory of 1848	3088	msedge.exe	85
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86
PID 3088 wrote to memory of 4120	3088	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13396091289962395770,4092691641170151851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9fe96cc40,0x7ff9fe96cc4c,0x7ff9fe96cc58
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3416,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3728 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3740,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3200,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4468,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5468,i,13488437633846254731,5116598079946452555,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4604

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aa52eb74981dfe3b08c9b4cba4422258

SHA1
47773c17285a5f96545524fde37855ea20a66e9b

SHA256
e121e98ea5b27d3487b7a53440af8e6138d1856dc04ec9445db5b2ae06db5a9e

SHA512
681642dac4e82e128fab541956bc9e9652c26427d3ce99d103b65f020a3f49e33b624fb4402ec981cceb91fdcaac0cc6bb5640fa973578bf1f86d81cead41169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
83a17926eaf831a5a0a274d474dae298

SHA1
dbe833b8bc959b7de030db9642777b77816e6214

SHA256
9ef4580941fb2093a23f5fc29274a7655bf095ca862c76e5a57f6f09a78e755e

SHA512
e123c88afcdc519b8572ed3e7938097eec7f3950d78962140745e84ccc5ae13df67701e5eff093a469dded106389c6691432a717ed493f845e9e39f6bf13132f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ffa91f49b6da5d4f658c676ff6ae035

SHA1
820f7eee62827962fa2d82f870362f16ec9fc70d

SHA256
122d6846e07e670ec308ced402b80c5f5f5921b597a7d41478c0bd9d463d480d

SHA512
19cd8baa9ad0874a0699a7f513ce7000935502a7720a32b15ebf15c19de081dc2a7ac35960ca994577ab54b24bedf4ffecf82a2c65ecae1c30c15bbc1146f496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ddba888f853e980f192dd197481a88b

SHA1
3557dbe42323296f9ec7f2783cdc49ca269790e3

SHA256
710c8c916950687f852327a564e7a5e187f6a5f781af11a7a16d96621b09e62d

SHA512
87071e68e2709d6cb86bcb096e1df722cf4ec9833dc1f9110c8f831976a80e556ce79ae6636e3575009647cd67c96e1b7aec8502bad7fdedfc90066b25fbaddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bf72c8490f05c31356e6e2e62701ffc5

SHA1
78704c213b82a3c8cab3e39924b58efbc701fb36

SHA256
a62a422e4db2a01505f860537a3bd164b0addb30fae3e43b904d7a6c2e1bea89

SHA512
ebb6b1c79248f59ffdd9840f091debdd3d18ee0f046ce1085f8bafd175c8d7654b72dec6629c6e1edaf879bca137d10a66364342f1f49e5085e67d4d3237b75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4745e3206288bfb1a171bd04dda28f3

SHA1
2c06dbaca18d52c83afe3e0e2760c5fffad0ba87

SHA256
b18a74573edf9db3e47b594af67081f400402ade53073ef826432049f92d5dc0

SHA512
85d0765c45d80412336f1a1bb31fa685f523ac8054a3d3e8d8b2d4bec0068f85437fd06ccf0f9744dc7b7daa96a74f195d469903b7f3f100bc3204274ce49563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25ae9fadfc4eebe6f8b6182dffa84c27

SHA1
2ae676e7df8cb50c8a3a8b485602538b8231184f

SHA256
c4653aed91b161c25db5dde64a2c8b7154c10a40a0cc3e25471f9552bd54c1d4

SHA512
c2776b670924d0d6542714af3e001aaf3eeabd492067725f4db5023016140093601b9ef8c4afdfa5b95379897d158451e1cafad7910762fbe506c0e9e59ce2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fef6fa10d5976ff3e9ceccc6ce05a84f

SHA1
cad80f738afac9db75a7815dbbb78e7d2680f4f5

SHA256
6e1f2e86ee679f80be00aa1ccae512ca31b99320c71ec3671ac232bdeda4969f

SHA512
cb499974ece494797b39673026d8c0580bd5d68abe5796c898361fefd9e023d2db7df734e9b00e339dd6019cfa51ddb132ea82fbf18d0307ab9e200cffa588a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
f5526db8daab140ebb7ebe3b1be23d3f

SHA1
35a0e31fbe952b830b5bc734b70beecbe14436a6

SHA256
aa320a9e6299b32d370f34ff95c31c7d979e53b1418b5bac734dd77ed7b4023b

SHA512
07fe65e904bd0bbe143c198fe20ffa459cb745d56fa6bbf2872f7a9959c3938ee55d92057c55a6acbeaa21893ba7f02ce08195135ff9838666f7b67a6e52b048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
27ca4f9fa0d6e75c1a45fe9a15bf1e90

SHA1
583a9b9e78f02ff9b846ceb1e7e30602be7d254c

SHA256
a8556dae76203d9e14e9cf7c5b60bca4483d9e1f0dace49f6556f1d8e7368db5

SHA512
8c2d739bc40b09cd35aa59433f8882fcf38e95e73bddefe051e26d8be8e76bc75bc7495c0357a5774421238a1f759fc252a42089092d8f8f0be10c692f8207da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f83d49cc9d5e20440f66c0bf18a35c20

SHA1
87427df2d39f6ce09e11f21b809096a56bc6c16a

SHA256
742064c00a0bc368463bbf19d09a25c567763be3e6d883dc64d6dfd2694596d3

SHA512
4c6e1693cfac2dca9b1c1be632e5963f56ef1c2fcf22e3d357775016a8694699ef92257e246498238d03b49e031218174077ec4774bcbe2071628beea1d7222a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4c20cddca6dd7a9304374e7c0f561722

SHA1
b210c463ec4eb490d839e6a3d089d557a2808488

SHA256
b6e679e3a83def167caf5901aa20eeb0fdb7fb2d1098191ea27d49f5df0d907c

SHA512
12e0954ad8f9657145adc4f027a5971dbeeee98ca2b9b28d955909ba1357da426bc6b6e60806a9a791e0f9150e54dfb6114948d9b4fdcabc595d4aa2273187e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
084bbdf6f53b1bbd0cf20b791f6fe2ee

SHA1
ecddff770f54e55227fa9f0b6ecbf6e7ed211c43

SHA256
0e20760ee6db77c6422c1fc8a07899c5a27202a907d1a78c927d22162ce54fdd

SHA512
aa9b8b2e325100248c2356bc5cee42281405b6f0fd7a275b2884a6f5dd60a9c6abbf8f6ea7f417be0e5bcb0dc0ec7f7fd38252cfb7f2fd8f915a048c31e654a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e900b76b2cc4760b54d9f348d4aa5e7b

SHA1
9aea6fc0371c4c5a7e4e19e56da6d8a965d18ccf

SHA256
6cbfadd6a31e344842abbd1916f238bba56e3f0ddfacdb4f1fd2738efc4fa9e2

SHA512
b4b884fe9c3dbe6a16cc7514ddc52a3038de3d5765b900820b3a9e293c7edb1ed5b4ca5f5070671d1420e3b1dd8d2635a6e4e1c428c1e9f84b4920de323e46ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97eb4ab42824fc4b36abe6f377a7720f

SHA1
1946bdd3745e0d30ed0fc3da2101d3f74d37ec9f

SHA256
3fd6e0b6998f0e47df9b28a560d436140f9d91c77202e66c4449c6fa7994f061

SHA512
eeb3661848544d116ce51a7eed0026a9489ab0eb43d97cdd85886ae6a7f8f3150baa52eaa03006cc6f0622e32804a231f98d608c966ca085d877632fad6d3dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cba38b62d92eee85ee75e91175d7a50b

SHA1
1dde78fd12babea888b6bc8f2d03a08e0d08a26f

SHA256
0e23a2e0941c52b6706aba196814dccbb0d38a57e5eb1ed34f51765208049d9a

SHA512
c0d23526b568444d5e7ecc571fb567cbabe096115e9b779f6a180317303485f663918b8da6291ef5aec9b80f345fb4b2c293b238f039a5dabe799a63780f9cec

Download Submit