hxxps://drive[.]google[.]com/file/d/1pXKo7nOSEJj0jdbqz6_fmXqJHNBCM2Lg/view?usp=sharing_eip&ts=67362b59

Analysis

max time kernel
84s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2024 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1pXKo7nOSEJj0jdbqz6_fmXqJHNBCM2Lg/view?usp=sharing_eip&ts=67362b59

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
5	drive.google.com
8	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760776783800663"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 844	3996	chrome.exe	84
PID 3996 wrote to memory of 844	3996	chrome.exe	84
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 3716	3996	chrome.exe	85
PID 3996 wrote to memory of 1476	3996	chrome.exe	86
PID 3996 wrote to memory of 1476	3996	chrome.exe	86
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87
PID 3996 wrote to memory of 936	3996	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1pXKo7nOSEJj0jdbqz6_fmXqJHNBCM2Lg/view?usp=sharing_eip&ts=67362b59
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff0038cc40,0x7fff0038cc4c,0x7fff0038cc58
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1604,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1596 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3784,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5076,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4992,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5284,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4856,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4576,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5324,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4900,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4512,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5416,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=724,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5484,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5600,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5492,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4956,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5704,i,12050557375613897990,3532270461037130029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3952

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
33138157f38a85a94a6d31582f71c383

SHA1
eeb2887d97c249ff3ab71086fb29ed42eba2c5af

SHA256
1547040b3ea24fcf966ff1c16715437569448750360204fb934d729d144f5510

SHA512
531bff9d71d5d7b1ce268013daefeda1482d62f19445da84f8223d6565965f326a50533b6d3da16957b1ea1ba488ea47ffc5aa454d8c6fab0d46f573f40de6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
56KB

MD5
62bce988369f94532c831f698753b286

SHA1
a36cad9ffae571f2d937f971ca82b3d4cc13bfb8

SHA256
3f571619c5128c79f1484bdc989d980873264eeaea9d9af8376278212b7320a9

SHA512
d93fb5cda73ee279db4bd02c89f47e21913c5f8c37d26cd2bdca4837659173e6f521a17822f84c1df3da9cc590148cbd6b39c930c62a61da9f3e6bb845062f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e04da03983c937442da918ce87ee1285

SHA1
e2c42472d74a63ad077b29046bc2b65a3034b42f

SHA256
1851b22366525583b3884cdd2719d39c26df03a55f1dc33710c1f3ef2cac7bc4

SHA512
c75f83ced8a4d1149c5754d84f223fef1df043ba00123362412db115d324d2bb43896dd02bf7efc8b0f3a2770efc343db4873655e5dfa2bb252b149060a691a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6057d8c87af8284213286337fb01612c

SHA1
53d5e9806fdb57b567c9d73c20ca7ddfb02be5e8

SHA256
db7722215cd4c6840883021041057f17d1e27a5d9a6d7289f2342fffc87a439f

SHA512
1db3c631e88c870476b92190f6aa45ce0a4d069402517224d7671b898d22d1bd5fa16aa8d948da142f69ceae6f4e885bec0b93609b7ffe8611e1b0424bdfa031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
becc1a602134c293e847a38ee6bb6f83

SHA1
d8ef003ef42dda0b900432c10bf928504bc78305

SHA256
fd909ba7996eee8f87b69e9954809f9c2b8d9a90c6ec44f09123c237c4c32c22

SHA512
ae1d6e8e40256518307ada6300401aedcead95b7f57fde20e1f390ee175fa3d5837ff11cc9503e965492c89897aaead219ce176da62934748b3aacbedba63774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df8ea6e9ae0b51ba316eddf2852bb574

SHA1
074d3820c00702dada37c458d0f516e0248e00ca

SHA256
c63d8ccef50d81d76390361ec7258818e0416e6a7559cb9cea6079670f342d44

SHA512
e30e66c529bbde2367edb47b2782a8a4439a4464de0298ba0562812ac5531adc1b6c95f23225ac3c8b00bf2144dad944c3665fba92cc222403a711d19cb88a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
66481c4a87fec91f513743b0c11dec1e

SHA1
e861fc5ddb1246d499a4109613c0022b749363da

SHA256
646e765b8083f64d650d94de478561edf65d7c8ff831d6a1da766c21f281b310

SHA512
a5194c031f2b92265a71c7deeb111f45de9ffcd31895e83284131df8bb27c8f3923a48eb65ad89cced473bcee813445e412605b593655410decf94c1d3d8a28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ae05f567a2a82b37d02276137ff38d2

SHA1
038bafa09bc19aa86ae2a62a213f9a8fe6c82b8e

SHA256
3a22087e5bad30f2563c739709bb401e48dfa5f56ea5433e1fec111eecc474ae

SHA512
33d2b33f485d3fe4d52be26fba997a6f7dfac6e1fb603cec410c8b01c22a3d62edfec0204e23f7412c7a594b1b8be879131d4793dfbf5e9e8995b7bdc3455180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
89687e53472706ea3d000c8ff917376b

SHA1
05d95e78e16929a82d6f06b63d74be31f6a28d12

SHA256
dc4174cbff49ca2e59484c86e10e0d57d41a0ac9ad371243c50280edf5dba42d

SHA512
e845679d83da9c17d278139ef21322817cb28c99ff727b4683a0be33b0cda1b5a6820687f247a94338ad24ed430a5460c3d78c1753925a1d08f611b997edaae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3f13fb9c167af96ad8391b8968c6b10

SHA1
17ef0f69451a6b40ecf796117f385af3aec5c2fb

SHA256
3c931b7d13d8d1b61acaa28be540569c04fe51b214641bc9ef8bebad946e432c

SHA512
67939f7389139c7ef87337530435825100d3efca4217d6bcccac16cef3e9878b869e168d5f1b53b4a9012772912c829d2298e976dae29eba8d6b91f633d7eb58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7f07af1e2a25f0b5ae4f09d9a992428

SHA1
9f5cbce39d8c0f78dd56997df5b2a9bf88b02e33

SHA256
064bdb2acea57d0d1b1f3719e60218a32e95faf9c35ed26349c7b2fff8be26b1

SHA512
933c37872d0414a1807359fc5ab6af14befb5f585f06d72ca545672b245a6158d7026e79ba87b408496bbfd49b26964d64e0765e5fd8007079f3e64f543933d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
33807343e2c125753ef71364b83e3b38

SHA1
81d60f71d05e4cf3b788694ba6a11b727ff4d9f0

SHA256
53ee8109f61116156be37b473b0d27163d4fb1d7dfcd897edb6905d9812d16bc

SHA512
ee50ff5ff4ea2da6385f76d22af668f1acc4dd2dfe8779959fdfbee5eb7ca728449d971e5acf2951afe77bba4ffb5cfb5f8420756805cc2da86350920a3ca8b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddb9b7fb66e28fd80688f406375e749c

SHA1
da07a5af5504b79715888c5c232896263cd209bc

SHA256
24fe7fdb93fe50bfaf5cefa627b66eda102a94257288b8a7b99318c447abe8de

SHA512
b34d710779d63627af193bbd6f7463c9739adee31e5e3f45a71d7f0bf3a204159ff8b75115469692416a2e5f2d5544e62553955da86c82819469fe27cbde83c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5de32b613741c3634efb8738bbce3724

SHA1
628bb7b637b9db5fab4a7bf4b73554f5be4aab74

SHA256
2e0088960b78559453f46af323bdc5c7881f67c43d753d439340c534bf94663c

SHA512
29ec83bed3cca937933f7e3365aca2ce28eca4bb949eab3616184354cd1ccddff31a2daa96dfa037969831ced0ce02931dac932d9f4e944d10627cf3af6f383b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
187d86ce01ad6d7d4c25dbd4b77b6d5e

SHA1
c9b6c417056b6bc2577bd1d91056bde42c47f227

SHA256
248b82a05eb79dedbc6f7914b271867fd7f1687bebc93e7346c3c83ea22d5850

SHA512
58ccc30fe98f70f6b224ea92fe61a861fa69b5a7af8a788743b896c469fd295cb63bf0a6fb5e9609473502acfd5d93ace7355899d16fe556a084a76521b94787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f887262b030ecd0926f5445e33a2990

SHA1
da1eaaa3414610e6b198032ebdd2ec10cc8103da

SHA256
a91389178fb23532c801759160b52459e619ae5290ed21fb7f66ff9ae432ca15

SHA512
789aca173dafaf9e1a812ba1dd5e6050521f8e37db3f1ff72b9f21db80242a7b1c07919a627da56b413e70131103d8cfd5073b44fc2a6e788efc45e120c0d9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
940b0de0d940da85c1b87b48f6120dda

SHA1
1e6d08addb8ad92dce8226965b42caffc76083de

SHA256
4bdefcb0d78ba367d1b96251cc505db2d96a1154c132d69458159bd963b04c06

SHA512
163d0856f4d1366002e79ebc23c375c23487ab1d2575d2db045216f87b7594cfaf13769b6aaacc5adc49443824ad8a122f97f5637045d4b7f4933ef3fb794923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ca12915170182f644be2d3df52121f58

SHA1
6958f108248f95d335508ffc4c22d8f5eb3fff27

SHA256
78d0cd002a2bcb75d1098b05ab5484b768b4ced53ecdb301582304dcbdf20e87

SHA512
7708c901b243e0176b3f218f70f39ae78bb770dcf0d23922e6217233d1dc54b6276c53e84a21bb311d36d345fe9eee59b9080d0837deb82328ab8280872da46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
64fc91f8544cd3a5dda298445b428d9c

SHA1
9089cecfd5cb4dc51bf1c3994b24725365552739

SHA256
039e5197e5fdfbc6cb7e3a4218f9508146b5820a1c482ff02761425f9de8ae1c

SHA512
cfa39ee696a34a3c2289fb35fbdc5334921606bb554c115bd79987f3c64b587e7ad5a20638e7a165043c6f28df28a5aceecbab414508d3d513ee6e1b70328f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
22fb0d33cfb9e252e5b83f58f5f006c3

SHA1
448ba2dd74ba71139948de200457ded740f4a536

SHA256
23518a688f1282d8020953b143119be2c5231d93413cbb5d174a01feab49f262

SHA512
d3757a9f46c48db50d1a8999d3e10e307fefca71fdc4df433d3fbf73d89659904e70a429c5ca4f357aab68b803f3bb5dff80a9fdf41c24d2d8feb9fc65fc4bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
416eefcb20d9e159a573ae91b99979ba

SHA1
2e4acc9eb070325b778e4fe63be374f113cbe4e6

SHA256
24a2ca9c8306b4214343a173295363ef468f3f8a8a827e2d4ccc70b528da21d8

SHA512
a890712366f0c2b97b353756bf3142111b6b3f5cab933e27e9508bdecf30e49db1868eded229df3f1bb4b4503f097a39ae9021bc25873ee2684d4dac5317eb87

Download Submit