hxxps://ability-customer-4015[.]my[.]salesforce-sites[.]com/dabui

Analysis

max time kernel
288s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ability-customer-4015.my.salesforce-sites.com/dabui

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873811659621864"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC	svchost.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 5200	3212	chrome.exe	87
PID 3212 wrote to memory of 5200	3212	chrome.exe	87
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 4220	3212	chrome.exe	89
PID 3212 wrote to memory of 4220	3212	chrome.exe	89
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 3980	3212	chrome.exe	88
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90
PID 3212 wrote to memory of 5736	3212	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ability-customer-4015.my.salesforce-sites.com/dabui
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeecf2dcf8,0x7ffeecf2dd04,0x7ffeecf2dd10
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4428 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3892,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5216,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5484,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5496,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5636,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6124,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6104,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3208,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3388,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3308,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4428,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3324,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1476 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5640,i,14815627971446138740,16680863280739903550,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2508

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d10952c9701394d491a28ac46c49d9be

SHA1
89a813af63e7565b5d0038863d088bd7a70fa009

SHA256
3544b5a9b66c9cb928380dbab20a62d790029c81be20a3ad9c3475e297cec4ae

SHA512
712677af733d9d01290a25042bd5ac3d09f50d7d2592693a1b43a02d2d5bc4a1108ae3bc3f499a79e816f165d7c28044a1cfab474ed42088e45bfeb8ff3c263a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
9727d550b444adb0ceb41a5fc9dab01f

SHA1
4cbc5fe2b19fc03b44800635d0874c9d5cc10e5c

SHA256
59aa1f7f10404be6e51a46e21c5e763728cd9f527b681c8d21ce50d74368a08c

SHA512
5c7e28246a13fb7f928d3dbc3c1bd93e4175d94c945b103b5989046df0aab565668a25fe75a2ee683c5005dd41c7981d8699b5f2f143b4744fe2dd619d4df85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7062c0ade88a64838a171af229b29dab

SHA1
b93a1434b1abd857e5634f56185756073f8214e5

SHA256
7af58edde945a2388fc2daded887f09d8c770649ea04fc7e2baecf9e5496cc10

SHA512
be9049a2c35e911c2e2c1576f323c4bbab9ef184ee335f274b21484c607db4eaaccd8848f62f72da988d703b5b8880299e4e8fa45ef73f32f11c457ad2772715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
52611bdd31de33c32569765a31436749

SHA1
06296fd539746965b3312cfec3c3088271a35bfb

SHA256
eed5cd4d561b46f59bb241b0c0c4e7fbc963e298688b3e724ed0b6ba546713c2

SHA512
c61fb4cfafa6b54b8979dcf12add7d99338e9bdf7791849725e7723ab2eae6f81f7e9d892561c9522cc075ad9ced8f7219a7d92b9de0607ac821ce5f859c3990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4fcdef0a91b10783a58f70ea40b6b5cc

SHA1
6c302758bfb6d5b67c3d9ae6244919bea2695b15

SHA256
b1465528e0a3db0357cf5d1d4ae9e4938680763163647c3a0536a821ba9ecde2

SHA512
a975607c2465614e041bf9141a9a1d29f0f2db4ebfe9df8926e33fcbf885699e1c9fac67ca986e8feaf39981acbdc50e4d9b52cc64b0e7834fc7283917f9f2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bdf669c5ba89c481895d2a6ee967307f

SHA1
e2259b07f633fc50c77584eae504716c06361462

SHA256
3b0c9100c55ea7184c2071909c2c4db8110a6076c43bdfa42e861aa87878ef5a

SHA512
e7d5fcc7672c304a14a40804ad131bc8035fbb64622b5f1d2e1b9d98abf93e72e400f36bf81d18752d2997979e7c5c63d5067b5ae0bea782e665fb8f238d388f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0e6fb20535b8cdb00d06189a7674444f

SHA1
c425fadb14c9e3132d95755fe7c76c9682a3147e

SHA256
7e8ee3a2112c657926b7f3c628179dfe51323f0726fcc7b2b6c3ea70c133b18a

SHA512
cffaad692542c343ea8d1561921354b76191cbe975dca53f95bfb0957acdceb378870bc5480c1ae6304c14ed3db13f0c13ee7288d365e08a375f2f5f9fd98fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
29a41d57697d6cac5ec49a18b4eaed5a

SHA1
ae644da309f307c78dc15ac36fb0963113f14cee

SHA256
d894ddf261a1056f4a93b2114209555257f7c6096a4e78a8fdb37a6816139f0d

SHA512
99a1c6bf49dc81d7af7a13b01d362a4318f13abd4eacf3267307dd047da2da9c97cd7a1e52397cec181e9b521357dc6e129f27fd7ca02ea43a5dc0f951341050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ca735bfa840766e64e0d676f577a581d

SHA1
e38093b9b6ca64c5ea507917764d0fd7c46bea8f

SHA256
1d1fc079dbd8fb73483ab0cab2a1ab8206586890cb534f9037b0107a857acb62

SHA512
194e06372527f5cf06a4c8e9be9bbb4715968c5dfddc86909571ba122eac3b1aea378e31d058c730ae7411f7a974ea5be35e601fea9c486103eff8d134fe330e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d76ef203f093954ac6864da49bfcef88

SHA1
0046ce328811640cffbb6ad74e56d715207467cf

SHA256
6de086bbec293e99293825ce157119beda2fd371289a7c42cf10abdf3c83dfa7

SHA512
f11ea3cacdbd576f67df394ff79df8f6f37b4e4e89091045c93bb48cab56a5fb11f8dcc8b576646351cb958a12b6b38d3f0d4b9cdfd2d54e4064d7af2f96e923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fa7cf321e97f510569e63aeaf79f8fb1

SHA1
09ea76dc475b9b224a95aa7dca192a043c49eb66

SHA256
64f4e412d3142962f6db997f8c5a9b426cc9e5632a004fc6c31ffce34999d567

SHA512
844c0e96219cfb9c787d1898109f4d48665bd771ecf000bb76c643866a544ba8c58661406fbebf7e61aeddf6909175076d05b5581f109531f0f402e6c6cd456f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5e74e4f98124462a0f1a74171ef7ffbb

SHA1
7e5b24e0e4f28e66f27430a206cf39dadba8decc

SHA256
abeca1bde109ff3fc2309f3647dca01b85ac3416b8224271a0b9b193214d80ec

SHA512
1fab8483a7f0fff46b36d3a40501f26e9df4263de9a709022b341da938434985948efce377e727b55b9eada2195cbd0b9c15e56fc0d60352946d486cded43f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4f1c7349dc5a8ab992f8bf5341b99f5

SHA1
d95c5fa2b3bdbfe645bbf2086176b42efa81c023

SHA256
4649834f2b0edd7b2685a21084d9a1097951d063d7c67b3e4207d801a48289ac

SHA512
1db3de3ca9ca46ef348eaa2d799a22c3f8755d0b0b37f72a4bf150f3b7d1bf2f4f392f0397e610dfdc4dfc74325c32e43f3582db786c2899fbf02f05c6542427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35d03fd2bf96571cd27a9b9ac8b5a5d0

SHA1
09a5ad028e645d348666d576417921d56a2a200b

SHA256
71d1f72964c9428a429cfe204dcb679de0a12eaf3b751fad0874d85a0b5ab5bc

SHA512
4b1be53e6a1b8957d669ff92eb67d47b21eca56eeab89e2aed612ff6d5164644b541b3a65cfbd6e892bcac284c9172cc2519174cd93721c1cb9710baace868be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b759.TMP

Filesize
48B

MD5
bec37f7be56d02b999a6646cf9e54d3a

SHA1
f5f86fa813ec41f8ad84bb221e2410eebde9db9d

SHA256
7c73b2cc519fd550e8491b1a61d8329b7e075fc9db753fe4af7fc3a679f72a92

SHA512
fdaa095bf5c75b779ec1d6f00d22fad8f6f9d5e378615f5f73d819d0c96295e53bb80fe6d49961f9a930a51669b4944a0510a767ed4b0540457da7c96920b0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
c50450d9da5330241aca6080c89fa74f

SHA1
295906609fad91c6543d5c94807a904962a6418a

SHA256
d88d8fa96ee05c62ee1b15cd54d215a19748d46efd9ba687f455f4da386dee48

SHA512
55792237889a795c7272d16d7bfa755c7ddc66e1e2de7cb8550dbe5abb910a8f5091fcc40927e42daa89e85d721373ada8b4fdeef88d1bf4b0cc981afe84ec3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
7b129caf94b12c16554d3af86739f506

SHA1
55efa718ac7538bbb393f2a7571601682c9f7d30

SHA256
f9e55fd8b2ff2dd99246bc8ab6db6bfb51665ded104c684df1d4659b06bde927

SHA512
b608d276126beb55e5540eb405cc4d20183fe1c5b22045f518b6919b895216c2553f4f5696d58d6d6296557deaf1cd9a5fbb57add6165c3ad754c90f481adfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
99929a035fade9ef6acacdee089c37ad

SHA1
0d0a037e96ef526cdca106bcf24976cb27d0a908

SHA256
975b5d5ec231c1ab6a3b176af1e678eb32e39e26dc8ed463b5487793bc0feaa6

SHA512
6cba230da86675534b2850fcfac1badb501973abdebf5a9ba4bd38111a9ed89fc7b9dc9127fff110e65a5199dc9563c786331fce934179be68ea666432a8226a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
137b8a6ec00019d15b338ea536b8dddb

SHA1
a8d64295803d2427c2597934fc98a251f20135b9

SHA256
900f4a1b24fdf023c63cbe8ab59dc6a2636590a52ef8dc1f20a7d9e434417438

SHA512
7cef84213ff9bba2c7994938196c2c2252f6eb3d9b0e439be8f3012299637130ecff1db5aca5625e66bcd49bf4bddb153844e0670c34286411b702a2842da3da

Download Submit