hxxps://drive[.]google[.]com/file/d/1i8mlJWU-UJ8oBJUCBnDy9V5xBz1VEoUc

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1i8mlJWU-UJ8oBJUCBnDy9V5xBz1VEoUc

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879226772302919"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
5340	chrome.exe
5340	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5356	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
5356	7zFM.exe
5356	7zFM.exe
5356	7zFM.exe
5356	7zFM.exe
5356	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2936	1256	chrome.exe	88
PID 1256 wrote to memory of 2936	1256	chrome.exe	88
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4564	1256	chrome.exe	89
PID 1256 wrote to memory of 4548	1256	chrome.exe	90
PID 1256 wrote to memory of 4548	1256	chrome.exe	90
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91
PID 1256 wrote to memory of 4764	1256	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1i8mlJWU-UJ8oBJUCBnDy9V5xBz1VEoUc
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbe68ddcf8,0x7ffbe68ddd04,0x7ffbe68ddd10
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2200,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4228,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4412 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4704,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5660,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5668,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5908,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5752,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5552,i,9043671147288865436,999294815936302349,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1912

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Epson L365.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
222a361e4b81c01948f3d7950cc461c6

SHA1
cc9a6fd30b8f36eab87cf82ce30d4b6285d922d1

SHA256
48572367df4a218747d2030d8143b9b7ec0212823b5b1aba1e479302d0191f57

SHA512
cb9d7982de1013ce7b8edbd3907b40cc616abca128e968679f114e3571ab705e3278e17339e011ff13670e7ab3865cac9b9b88ced2aca121d7b332eb693a1d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
8f52dff6b5e3c846d39c9c62b25fe18b

SHA1
4ede7390a2ec2fe98e235c3bfe887844d2d51d5f

SHA256
c37cd3abdc8d119a774df5baf3c69cdfd0e1b9388470df2e0681316683af9fa3

SHA512
a769114853de10a9aaf3d715871f9d40583d34ef771cbf5f857ddc369f7a87f42cc986b30e070e0c399ddaf5f66934972e58441f5753a82b145a9e98f6aa1a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3a654faf53136a1342b4d94b4b6d4b68

SHA1
15572410c67616552b231fad4331fe5acd913adc

SHA256
9295fdb4a6d8564119cb10561732d218f7d92496ba140c72c7083d4078a996b1

SHA512
172473c40756f60c4aac5b367a18862f66087c0f5d31e5bfad4ea4b3be3e5723a313ad57d05bfbd6eee7b5be2c7f24d42e5658bb538257da05e9064da3d2052e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
114e3e38517529fab60ba05468c5fc15

SHA1
a52f640b78efc7bc81f03dd4a0cd6ead131658b0

SHA256
8fd67e354fb18e612336bb7e261fd5c33bcc3456a267e8ce52447ad6941f59a5

SHA512
74973685ef755a4310335dd017a29e771b89b430c7ddb7c0ddd8ce229a2223a878ff2fef54f251f7d3b3a6f98540149af6111dc863a3596e48f73280c4fff259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
994eb9fc5001261e9be0aaac45dbbc79

SHA1
71e78d034002a766a7d879d24f0a752cfa1e0101

SHA256
2acd26b04b7441cb24107261160d8a1c83d414d87b97a2ec65e8a6fe27d3cbf1

SHA512
ef9223968240267001d98ed1d567dc746401a0fed7b3904e533607e57d8d33e752aa52cd82f552d923817d69d9d8b9b04ad16760e79253a56d847f05a76abe38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d1e0ef1ccb53a100422e31c007439bb

SHA1
7213239a05697aa2be79cfc98cbcc0451f29c5cd

SHA256
d1f7baeb84d8bffb5d5416513f00acbd8eb6dce8b23edebf17f98577f1599582

SHA512
33572b7d2250561fd841b4618aa9406faea18f6576865a291e87c06fafe32f9b9428a6d88603755e34bfc9224ee3849c50a7e5cd178b7a0efa0b11af7f97b795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
479bdb9e053135eba15da92973663bc8

SHA1
04445d497687d5f8af0490206114184230bebcd9

SHA256
260e6af3ae7ea680290e6459f4535b9e5e046330c8b7b739730a45b014f5ba47

SHA512
399cd2bef7fae6f9534462d0f5a0a254c85ecaa373633ec0aecedf5a0305a1582544961102be698ec97c59d998786b1114b69b199570305d38c944db3370d8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
d5e50661e225953ea297dcf624f44413

SHA1
eecd2318d7db3db44a3d48e95df6a77d8f11cb31

SHA256
cf336ae36d20fd476c54ce77709e2b11468add02b3d2acf7bba5bd75e61d8e4d

SHA512
e0bb13371f543094c48aaaf7c314524f004ba6e732632185b2c6d593c1318c2d6a3bce60c122e4daa0e349afdecf6abc106c261df16e54b39fec7aa546e87afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4759f36f8de213a00e94448234333b14

SHA1
57f5b289c648792fcdd1743dfc461fcc431f6e45

SHA256
406312e93b598817077112c3436757a50a24ab4bdf51c4e72ab635a9d7c5909a

SHA512
5a6105a96c79b76ef006b192f032bf2797283103dd4a3da55c23bc5361336298f0a5333e29b7914311d23cb7a90e6f48195be5c7363375c85b065272df0ad91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
17bd76f54153a9b8e7e92313cdcd8dd4

SHA1
526b7228c24853961733b9c4b2116d5c704f42fc

SHA256
41dcf5497f45cfe85eefe51fd9c5f9064e738561b76cc3937852469d87ae42e1

SHA512
25544df38473488b901a506ff32e545f1dbd71ad908018e2cb893128bdc8287035ae0483ae22421e64671befcd9efd7db734eb3c31f6a93f89f817b5b14f12fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
216d508f4bf61cdb023c32a5096fa142

SHA1
c9993ba42ace7beaa47886bfd23546ed1c79ae35

SHA256
f2b70017cdfd91bf3910ff58eb526c67b4a1fdb8bbfff26baffc5e9b870e91d1

SHA512
932e5dd74648828ae4316837435c9e3604a6999e048ab2dd20e1bc3fd566b73ac863e4a286ade8dcfe2d026d3951350030afc0f27e8ef744e9744234a2a2084a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0f1c6f4b6c84b1e68ab54bc72d5d6b19

SHA1
28a0389a3259b71806be01196637f245daf0b470

SHA256
9b4fae56687359c17ff3c0dd8292019aa9d0017b3bbca960cb9f8bc919fb453c

SHA512
c602b8116ef12b1c1f10548064fa6a3a3f8357ee4f0b83c114771c15d2db0b3489118a9fb946660d2f68913df269128ee7efc2e1417b939d9b7f880fc592854a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
714c6c123cc780ab7753b3af1def8d34

SHA1
d394ae7d7032d9a512b2815dc53a8d0f26bf27ea

SHA256
b6719f28d8e1c0ce19f8f404d081e89366b248e7cb3485f5ef72e824ee780001

SHA512
a84708a4a4491c900a081d265a92e7cbc8ebe19e5c2be28ae72c13eda8cdbfebd2221613c7e3cf3afe42798adf0a3092b9b5c01ef36cee8dbd146944ebc9a714

Download Submit
C:\Users\Admin\Downloads\Epson L365.rar.crdownload

Filesize
2.4MB

MD5
9fa2014b0fa5372c60aa343cb50c310e

SHA1
483fd06185a24043c73ba7e7823ab4f1285f040e

SHA256
5a301e2e8bebc46f9a890a7ba0b09b786720cd91e64f3c8f37879a76dfa95525

SHA512
26d23420a0e6a6bc6e4cb61c7f616579e84167d82775c570494784f3ce1cf30baa8e81ddf3517cb738dd37967448f463b8f18e9d6962861b968895f1f1b37ac0

Download Submit