hxxps://drive[.]google[.]com/uc?export=viewonlinedocu=d&id=1Gk_z3YLjPWaScYGZx15-aWMawlleazAk

Analysis

max time kernel
64s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2024 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=viewonlinedocu=d&id=1Gk_z3YLjPWaScYGZx15-aWMawlleazAk

Score

6^/10

discovery link pdf

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
behavioral1/files/0x000c000000023b4f-28.dat	pdf_with_link_action

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758880104599495"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 2144	3456	chrome.exe	85
PID 3456 wrote to memory of 2144	3456	chrome.exe	85
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 1948	3456	chrome.exe	86
PID 3456 wrote to memory of 3176	3456	chrome.exe	87
PID 3456 wrote to memory of 3176	3456	chrome.exe	87
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88
PID 3456 wrote to memory of 4504	3456	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?export=viewonlinedocu=d&id=1Gk_z3YLjPWaScYGZx15-aWMawlleazAk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e6eecc40,0x7ff9e6eecc4c,0x7ff9e6eecc58
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3788,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5224,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4716,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5384,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5404,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5652,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5752,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5156,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4468,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4492,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5868,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5456,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5800,i,16270737353011575169,15777945493698640530,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1e41a431-5d9a-4c02-8f33-4de94fa39fdc.tmp

Filesize
116KB

MD5
c24489579e9634521904dd81f4399647

SHA1
deeb7a056e2402950514b33c44dee0429d73d749

SHA256
9fa184cb29d331f8162b9d11a6942791f48bf15f5e5ea9069cd9862ddd44166f

SHA512
09f6eae1799f4fac8dde6b5b2d196ed4b2d79096a65365008c284872480741e5f7be3b7a45abf59fc4e5f7761f92f1d99dafb12058ba6120d7087a6ccf066139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5d19a4a6320a0b135ecc507a899c6442

SHA1
d01671f10abd9e356423ad248e67f47f6aa9d92f

SHA256
4f1478640dae7cc663c36e26bf605cd71e80f704f7c422f731119bf77d945f25

SHA512
ac8c4f8cc3731c050b5da68d616883b24b6194b1fde773dc9aef3ea653e863625a82d033e6b9cd88cc7fec3483ddec2284a8437999a3249155757527c8ccf2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
23KB

MD5
80204231c6c999e9ce6b7abcc33d93f1

SHA1
cfbe4c559b134de38367e618fc64b30690e2e257

SHA256
ba9c7c8265f7a11fe2c2ffe7b2cf3b8eebd99d11ef224011777d93f2dc51b5e4

SHA512
40f43fb19545cf51f89e0f54ca744573c0246eebf4be0418e389016586e76652d2e1ffd918d883bbd0d7931b757c997ef54d244c68ddcd3fe13df93d811750e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
0d5f48712cdd91ed98dcbac5de5b6e18

SHA1
f776d1ef21dcc932b25ca3b149a6d6a62451a33a

SHA256
a9a5db474c6d34577e12255d94ef5a4868ea6668c5c84774ef685b74b221c203

SHA512
82b5396d7561ccd5ebcfbc1158b129ba036760c437bf484d734d5c88a69bb0c05912f77a5f269db328c3c3032ee7cde2fcb27bfdb64a3693562ce9bd1beab0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
7bf0d09acbb44d6586738a225e64624e

SHA1
89bf494c0dd54f985f996683c2073106827f5979

SHA256
4c44f0117c3e399dad3748181125c4232c068a90105daa0b7a37e72fc1b9665c

SHA512
0c2f20587a00162f904f7033868698877390a8fcae9a25fba3c8debda21d9878b42325427a4ead3ba4b15474932750c37c9fd12f0026590bbd5be3cdd0adcfe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
92217dd5366302cb8672261a712792da

SHA1
9c10800bea029f562f10177c1afddc351d977b49

SHA256
07c2b077b06d079b0c4cd2004b9ad2217cb6ba799e90ccb5098046a94b993993

SHA512
c7e104b07e9e2877aba1b2567612aeba18af63d118e303f44fda5618d15f3308454eedd72ae9c35f7ada887f3a2771ad401ae228c9ab8383beb7334fe10e69d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
c9b421269a70438b87dbadac29547703

SHA1
4afb4b7229d6b84c3efe51bf7352a2235ed55f36

SHA256
0e767aa148cd7dedccc7eda6e11516cb894547b8a104d55d7c1472114f165055

SHA512
3f8bcc3eb69c8d89af26d112c440499ad59ab2cc7b27ae02889377e2bc8c5d1c77726726f3cf5c6dbd82ce1907e5633c4978a8b362b4afa077208b2ad2717925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3cf1a42f60aa2cd0dd3dfe28cb29d78

SHA1
58eb2ce603275396e1f0b9b57605df9580958ab0

SHA256
d05d69f4a2af62a31fa4fd005d1bd56d1a58a402551fbc64a301b5959440b628

SHA512
54fad6e86096dfe34abe91e21d2210c4b79f1dd339212cefdf95dcfad686bb9055ede721a49e61c2ec8464d3a53e85567042b4226537b44ee1403607fd4c5fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f06a03a69c2842836434e4f9dd46c6b

SHA1
2330b2c41cc1044fe598ae4384920e41f0922ee3

SHA256
72b0f019309a63d1163bffb7e6e377d7e961bf2c65342523e273c05f256778aa

SHA512
1de0b9907144396161bcdf8b8ccb2148f641b93c6c1ab71e764c60395f1f340e7ddf4798de9fe0d2cf7a3d5db2723574f7d877acb444a8454f9ef4b9a0d52bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba9c3420a7740201f5395ebec7dbc843

SHA1
3e5454fca5c0fc05eb24245f61512344125b310c

SHA256
c1512709c47b158f0bb993693d67bb724688f855f34199d3b5b931be6021ca32

SHA512
75ebbf18ebebd310840fc2f84980afec60e35879728501467a1515e4d302384154c91bc48325c34898a0069fa19e02dadebc25bc3084f3e5a66b4b547c8d016f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cc38f59a-172c-4852-aa0c-d802bd6b3376.tmp

Filesize
9KB

MD5
971b9516135fe6523b208c7720c2bd75

SHA1
3fe8012132bf81151ddc974f12de305efcf0fb0a

SHA256
cb1ce394434911adc7660ce3a3a8f4f10c58cbaedbb6ff3469fd73e6bc737911

SHA512
65c97ddd74544e32d70902a22fb7e34febcdda69ba1fbc31a75fc3fda45abb862250cbfce1e9e646fec4033ef7c808d9740fffa990384084cb3c5c2ab9b24726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8e70e6ee738a2e220437c3928f52568e

SHA1
153d8e7b495c1a84f1fa4668d055b892b5e2384f

SHA256
35d3851de718d2bb90a944b409cf994a122ab71cd69b8a92797b7d1fd6f7bc02

SHA512
a7c96aa6e12280c599179daf49826b0724172815f486252ddfec98dc201a6cefdeadf3136949c53ad42be155a434148fc0e7b4a478a1b6f62a9c574e1f85b17e

Download Submit
C:\Users\Admin\Downloads\Kemper AIP Metals, LLC _ Kemper North America ACH REMITTANCE...pdf.crdownload

Filesize
34KB

MD5
2e659bcf787f4a7e3d00670bb49b623b

SHA1
cd949aaaf252e6e2ab4df0ae0682d49809ef21f2

SHA256
56d36f643b296965e427fc06b25e256b091378a91e3f54b322d4945b1e1ba10e

SHA512
c3d7581e46a9883d532d2eb0669981913e0c844752862500f9528e633f1a15e192791599a6879f91593455cf4bbe75d9eabbfe61747cdaa455c034731e438b1b

Download Submit