hxxps://drive[.]google[.]com/file/d/12Pley3XCLHDEsVgSnUC8D4NJ8ZCiDGoQ/view?usp=sharing

Analysis

max time kernel
46s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/12Pley3XCLHDEsVgSnUC8D4NJ8ZCiDGoQ/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
36	drive.google.com
37	drive.google.com
39	drive.google.com
4	drive.google.com
6	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133809293933894311"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
3144	msedge.exe
3144	msedge.exe
2408	chrome.exe
2408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 2500	3144	msedge.exe	83
PID 3144 wrote to memory of 2500	3144	msedge.exe	83
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 2092	3144	msedge.exe	84
PID 3144 wrote to memory of 1912	3144	msedge.exe	85
PID 3144 wrote to memory of 1912	3144	msedge.exe	85
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86
PID 3144 wrote to memory of 3020	3144	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/12Pley3XCLHDEsVgSnUC8D4NJ8ZCiDGoQ/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1bea46f8,0x7fff1bea4708,0x7fff1bea4718
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14890612557969154149,257545387301781345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14890612557969154149,257545387301781345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14890612557969154149,257545387301781345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14890612557969154149,257545387301781345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14890612557969154149,257545387301781345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,14890612557969154149,257545387301781345,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff0b37cc40,0x7fff0b37cc4c,0x7fff0b37cc58
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4896,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5260,i,3364190971472952396,15051289707886888299,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:60

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f8fdcefe00ea35691fd5c0eafa754e4b

SHA1
3cc8ecc203be9ad064d5903bd54a4c97889f9e0e

SHA256
2e87ff5fd5128535a4f69150a70e1e7c25f2699f187a1aea200466a885ddc17f

SHA512
74961c1e39117498c401b274b899d28b144ca3435b771fcd27aa4bf004e0ed2c716603238b0893db32b3d089923ccebea03efaee0b714b42992fc9e544f3cb45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e32a0b8aedd11e6b594dc479d46626d6

SHA1
9a31c84e220b6a3a01eb3323779f0e1480892f02

SHA256
db47c18d8ab205cda9c98bd58860536de2ac7ddf6fd207af7029c2b821519862

SHA512
23af14ecd0ade24d1769752539dfaccba784a3dcf26762b57a3e16adb2c9ebf4f3eb6b75634c4aabe4992f1cee576a1f2bf3542a2c0416800cfb15d6e94a7ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a134f5fc47706356302af585d2e6a376

SHA1
c2e59910d3e72962de59dbaa10e41aefe1c0186c

SHA256
85cae5c82a219924b1df61b6220502f28c82611f021e8637ba26e86c0844554d

SHA512
1417bb037eb463b65cecf6395eb2b8154a914ab0a8d983923bbb8ec7daff2661598d95f3c7be59337c014cdc8bc91f51d3a68ec94f1d5de2d80d6ee5af8ce062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a81e3859e87f3b2ebd4cee28d4b0cd6c

SHA1
54cfd1f48229217d52659951e5b5ce34c3fc4b96

SHA256
fdb7c87a43c7deb39e16e84e2c0a83928642b3ff12136c560acbf9c6324bf1fd

SHA512
a4233a280a90bdd68f83cdd89c2841d2e0aba8bd94297382a2d3a78020cc687861c5359f0ad06b87228123177ef15be5594758e0de82806d200b27e3e5fae592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4151a9cf2ac3cd2a7aa2aa136c850fcb

SHA1
b2b5cb33057528e4cee6d42338f5538d9de6bf30

SHA256
ffcb20936c730c6db8b3bb11ff6d3bff76edbb588c39414296c8b3dfe225630d

SHA512
c2ad12603018410daa5783b78228596a2dbb1ddd8235ef908289f3a3e880c0f5f7330200d7f694bf41bbd916812d6e9dab19b85578536c57c037bdbc2e525ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\53dcbf01-5256-46e4-a67d-fcf74bae88c2.tmp

Filesize
5KB

MD5
506161daa9143c6f29c9a45cfb7ea3a7

SHA1
42d584b0ac797d6486efb72bce5b8492bf5477d5

SHA256
960bc6dd38680f209fcba6a489a4346e804f67ceebfdbede7face2e01c6c9d54

SHA512
9d3cbc49ddef3688c27cccdfc3c513d998a132b696ca589b46cbead43c0cb9aa30dc5e36d05471638c57565b1a116f276433fc6544f6b8d17504b35046803083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1db6011dd2ea9e8832c8a6678d2f0560

SHA1
11be4041cf64ae3f4cfc1506b593d97dadcfbd8b

SHA256
9ca1f658455c6a002df677948311d131ff3177863adfa0dd32c0b6a40555bfd4

SHA512
1cbb0e41048012bf5c1953ba7c427fdcf56d2fc064d6f41080c8324583e4ad8dbce794459478fc385f80e5261a4d9dd69eb4aa4151f4b3078d3cb5797d79e835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9d440b3649145753c15e95f4784e4e5

SHA1
fb45e6f6fff57af46285f62a79ca5c29e754c804

SHA256
06e102c396910847161f5249ca2398883320e3fb860af7e0f85932f6f27727b5

SHA512
65b95cf921df729bcc223fe6048261c182f212fa6e466d14650092fbe37f89a52d854f444fbd8f060e2f48772d555669fb5b81ec0b9d77f689d1c5a3661e9c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
794c2992b4ee6f58f7c6a17f938b9cfe

SHA1
abd40e042c1d761ab9b714bb21f8bf3c89095489

SHA256
778118dd9b1d57debe6289745357df143437c2c3f59e2e00ca20a12b87749663

SHA512
0c5ce60e39cf9c88c483919dea2694429f4d79d9619bea460d04a87190ab9c45ab88ad323bd65fc60095540952f6e075395b242b587e29a53d0be9e7ab379e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a42ee22bd25ff67155ea582801ee2dce

SHA1
3ffc28098f50a4fbbd91549f1293a766e2c9e7b6

SHA256
774cef7c06752ab81ab71025c532cafa9ef37ab9ad23a955e78b640cf681dbe3

SHA512
d597e63421957245d135daba452c0cc17cdd1fb7edaf4770611bb6b900e13f1a07ff59db4aac3351726cfc869f0f1999bf01a778b11e139e2a9c980b71f5552b

Download Submit