hxxps://1drv[.]ms/o/c/8fc032da5fada757/EgEHU26Ga4FAl_1Su2lfpkUBqQItqpp0mP4_5cipPDmMcg?e=PyJVMi

Analysis

max time kernel
209s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2025, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/o/c/8fc032da5fada757/EgEHU26Ga4FAl_1Su2lfpkUBqQItqpp0mP4_5cipPDmMcg?e=PyJVMi

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
159	3508	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133872889709845115"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 1192	1240	chrome.exe	86
PID 1240 wrote to memory of 1192	1240	chrome.exe	86
PID 1240 wrote to memory of 3508	1240	chrome.exe	87
PID 1240 wrote to memory of 3508	1240	chrome.exe	87
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 5056	1240	chrome.exe	88
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89
PID 1240 wrote to memory of 1996	1240	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://1drv.ms/o/c/8fc032da5fada757/EgEHU26Ga4FAl_1Su2lfpkUBqQItqpp0mP4_5cipPDmMcg?e=PyJVMi
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffca1cfdcf8,0x7ffca1cfdd04,0x7ffca1cfdd10
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2052,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4268 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4680,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=364,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5260,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5652,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5816,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5656,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5684,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6216,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6424,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6356,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5860,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5952,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4588,i,2296272684481754298,17552659288605234092,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:1496

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1204

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
51a2f8d5b91ed2f4ea9183fa8851f709

SHA1
f255cea8a0ca3bf1367eda6f1e9caefd85d88df9

SHA256
3368268bc3e1e6be314c42fa6e6730f160e214f704f0b0cf9a57e52b2a434e5e

SHA512
a6b6bedfc9b7fb644abb656cbc2e4a270debea764113c04bea93b7d496421a2fd4d952c6f4356d62bfb0fe8f55c90d5980709ca8c2db847344dba3e3089a09e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f7c2e37704b840470219fc97595d7666

SHA1
3dc722a1cc01343d34858b312d41b54bfca39f7b

SHA256
2d2d4a244c5ef3548234a5ba84427a38fed6bcff18912286075042563beff2f4

SHA512
fe56fdfbf8ae27567ffd027f258503b7ec25f561026a008e03232ca87c06574755c0b17077afdc74c8843662116c2055e39aac3c8ee6f882b2b9e4509e675b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3a9f6094f188d44c17f5598625edacd8

SHA1
7587b6257b664c960ac003c2d2793917b318b1a9

SHA256
53f0057e982c34966d19efa086fbdbc9487b24d6d33ff07b92fb999807dedf73

SHA512
ce2ea74f72e76c36a980ee2446883ea5ebaeb163b119aa205b92008dc3a08313ea6cf57c333b006abe79257ec588d06dcd918c3386841731eb5d4a1bd11c8e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
472aa53dd62aeec5fc8f773be38449a7

SHA1
3a69617b9b07c48de71cccaf6c75234c33ed2c38

SHA256
4adbb1ac9fd4f79ffb306f8004b899ce052fe4ed8b97523ffb299b5b6edcd0c6

SHA512
bca0ad4b2e1e9b91781d141573c492bd01404003d4714054061bac71fe63232b6fb52060026daba9f9118b3c2b4dda05f0b01f64e41dfa235dd20985d03c9ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
02f7f70fc94437f87b1db6b2d7c38837

SHA1
b85f862adc4ac60036120ccc2ee01947c1e13f2e

SHA256
363483a607702f471d79f1af3bcf9f28a61e697e2cb6dc59168602d13451eb7b

SHA512
56c6d2c96b24d3743cd9dd043fb1ee73cd5f03f98663830f06fcfe3303b37e47eaf9f08a7468042582152b7db9fd122f772ed46542ea35b9c54acc9190312e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a07b471aca52a030efbff645b4798798

SHA1
447f0e945cff9396306fc63b9cb09a2d60650421

SHA256
3ab131429af08ac5596e33d9ddd0af470f31f63b0d9ebe9f487bc7be691900a2

SHA512
bdd30616428db26eccd0acd5da15464b24b7d217b7021ea69683d1a01a47316c431ca5e9bb04e10ae77cda6522ebcbaa794a990e861f34fcf564252156c000a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6469fd6ea05e46ece759bafd3ed583c8

SHA1
c666a8eeb67729bacf7ca4c6e411ece7b057cf2f

SHA256
4c83e9e364e402f2dc2e0eb1b24b864b250bd4cbb26536b9677ad07b60e1d077

SHA512
0b63f0c671b71227208768729df1a4899aca4117945726f812036390161fed76ce4c1be8f216d921509c15045b4dd235e8732846aea821542ebabbe7ebebc295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
551bc1ff735768232613b8bcc8036d61

SHA1
8fee79fd77e866cce53ca9275d414b8280a7afa2

SHA256
0015f9d485913e5a0216dc05a7688e2ac7765dd2e35d546e3469dcd5444df1f2

SHA512
425040a9c145ea9fb47933bfd12939ef245d6be2f3b0fc3d6ba5ffaa8b008202303e1dd288fdf6029451e623e0d6783a586b7e18f341fbed2c5e6c3ecf82ec4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
81cfa0360ffd74287c2cdd18bae2db20

SHA1
4b1203e1f47a6036db6b9278f32ba63cee8dc304

SHA256
33653d7ddf0234924ded57f023b08259b7e94c5d5d81686e77141610a52afe3d

SHA512
1b1d3259eb6f5beeea86eaf53a25ae5666abda6fa357822d8279b0a4e22766b991bb745f711126a6373bf382a4ce1677dff1065a05d02ffd138e39f7556a5604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e8e9.TMP

Filesize
48B

MD5
f7ef7fc64f06da77f342a4781aee867c

SHA1
ffeacc672f49156ce680e2a0bd1b61a7c2e74412

SHA256
6e23b0e956ec24c8c2e512743ede5a88a228a624cb4739be711078fc17daac4d

SHA512
884d0957709fd4d666b386f32fb1305a425d97179fec0e3c3b6c345721e2d4ff6a3f1f92719bffd77425dab5a0fd575fb2db1fe57e355c76540afb1e194c57d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
53dd9a8f2d209d89f37e74c2bb7c98ae

SHA1
7bd098a539414f46baf6c7091213ae3a0f5f9253

SHA256
55a35c2df76e282e4c1a6c64da894ba8ccb1e37ff279cc4b024d93720cb0337c

SHA512
4d2e1993490b86fd5f7d5119ea4a076186351ecf7a8cee664f01542c6067f02d059d69315e2b5d8837d5cb59133acf5413abf5810e78ba858cdee15eac5577a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
8c8d48fdcba7003229f999d8a1edb4ef

SHA1
5bc4f3451255d45f6dfb87b952b393a89e362089

SHA256
f5c0ebe18199aa16924978da793358bcfbced2fe7f720652b775f67480863a39

SHA512
3affc24c69111e0ecc489fcea36e870f465221dfcd42566be808f36a86d951436aa5bc699f521b81b58353b52f91c381c286a7fc83cc79108245648c21282dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
6f3e490baf8d47f2062f0508ea157964

SHA1
e3ec77b7f7c01309fbfd4ed49f1687838bab84a0

SHA256
b02180c6409005e77ea54026a1755892ae17ab2a3b753854080939c684736856

SHA512
b275edc6462b40aa7ff6fe9b2753ad4b8441ed03b336764b80de425d7b9fe3637f86ffb429af98d705578714ce4928eacdb3ccf46220db9fe4205430b3210d93

Download Submit