hxxps://ability-customer-4015[.]my[.]salesforce-sites[.]com/dabui

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ability-customer-4015.my.salesforce-sites.com/dabui

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873814884496074"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeCreatePagefilePrivilege	1676	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2068	1676	chrome.exe	87
PID 1676 wrote to memory of 2068	1676	chrome.exe	87
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 5496	1676	chrome.exe	88
PID 1676 wrote to memory of 3592	1676	chrome.exe	89
PID 1676 wrote to memory of 3592	1676	chrome.exe	89
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90
PID 1676 wrote to memory of 1684	1676	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ability-customer-4015.my.salesforce-sites.com/dabui
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd6c7adcf8,0x7ffd6c7add04,0x7ffd6c7add10
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2096,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2344,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4356 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4780,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5328,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5360,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5372,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4856,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5864,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5504,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6088,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6100,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5752,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5820,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5788,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6328,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3708,i,4451594414783331195,16248393194544751551,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:2772

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e583b3bcd0a283734268ceaab094ecf6

SHA1
31cd245bfde1e6f488730f052d6d37bbcfe470ea

SHA256
a143092cbf17b2e36e7b5e9ec5058a2154cca9ac0c2b5841855c07439ae6c509

SHA512
3168641a34bfeed7098fe87c75ab92337c94baf76d8725e295a411853381514748e71a0c4c527893a653e1a30d0cf1b540ede8ba480ca655af78cbec0b259e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2e5aa1a4ca7f09e22441a475c0e35ba9

SHA1
61d7780a52f6a0f9e03360f693289adfed120c81

SHA256
5657ee3927c32c8141dd7b36fff42224de2f7789be37444a0c2866d060e141bd

SHA512
686192bc85cd26e7a038a826a68200df4184441337d7e9e0656701576a9c70002d270c5377429218f281d87a13ef1779666e53a956461c5866a0892fef542385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
795e0bdaaa1f0b2739f7c240a5557c23

SHA1
2b284641e999756fd175c037f8b769190ecdec37

SHA256
cb58eb3384f731b12f75edc008be340dac6ceeffc8062c9e1705ee8c5f1ba7aa

SHA512
c39d4d99dfd0f9cd3f2b57bbe0ca14ee1686258309e3a3b208331ba74a1bb7e233a89c027e00c175816cd07e98b29ef1587493cc96eb2a547b969466a3cbe58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
116272b64e759986a64721e366b692f2

SHA1
5f05cb48de747502575042771220279082871912

SHA256
ed93e631930e21cf87d3ddf7aa9dbbc84a6a3d5daa67b104d84f8035525267c9

SHA512
038f486030f06d352c60f56f47cd4920dcb31915d9244495b34f8b776dca79eebc1fe38d68e83dc17253972cd9c5dc876860e6a31ba2cfecadb59ff1a301c606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
df9c456a454ffd337c53edd7a831567a

SHA1
0d2ee34deac3a28bd2ae12e05ed00222e2fd10d8

SHA256
70ab7c8d4bdfaf245f1152a1571de05dfe870c7111febabd156f212d3c0c18c9

SHA512
d34aa45ecc3c8a59f3cf2ebb4e1a974dd0d6aefdc1ab2d359247deeef8ffc9f14bf12728b20874a3954cb0c0c6f062f1296df04d40c17bb84456cd11cfa3ab2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
020844fd3512e2629cc9786661ce575f

SHA1
0037a29daee18b2d0e7d7c1a6644f5495cb13e5a

SHA256
4930573612854d129389bb050a21c139a43c738060421c7a0e987517bcd60a7c

SHA512
f57489a5b45d8359005de9d83a07dd71da3d0c5db29fe025464abc942747af4f5ac967d836d614f6a85e3d5043738dc53977c75870c7760daf7dc552aa0bdc68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
592de48137249ec7b0594cc3c5dfdc22

SHA1
26fc2f8a8f42ea28b6ffe4312606df395bef8fe2

SHA256
90c821cdf84053a573375e5df748fa8f48429e6e65cfa7ec8f5374eadf85c3f4

SHA512
34190070094e4190d59c54ec462f50e8fa7413ac710819e0e357c1b089298e8a349e15ac611bf34ba27fe9d7455c558d76725fae24d3bde58941995f5a6aa06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3ef89c917d166460e831e16aa04c1068

SHA1
77da927cc5495882bc22a2f4bd39e606d73f95c4

SHA256
47da545415fa877d4e13d69986be9cb317fd8cb31fae963c618476b014dd42a4

SHA512
861f5913ec71afa881ab032f2948850c86279218ac805a27b0b1f1f3dfa30bcf882563fdc419bf4376ecff8b2c6d680382a246eac93f6db61bf7608d3144ca01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
c36cec07439bc7058ec1b71d62e359c0

SHA1
2dd5bfe8d07489cdb4d387c6ab5ed794a5ceec8c

SHA256
9866c0325250cb83a171463115a12dd09de880d9f87059d0f0690b4c2138ed9a

SHA512
de7a852b291e2007e32706d620cc01199a11c63661dfbe3751a343bcf16c02fda51fbc687071d80ab48f63e1bd174968023da9a512694f79f2a7d04b2ec67020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
f13f2454af00a8f92ec1ec88dad5b8f4

SHA1
15b840a46bd493c1bcb831a850029facb8fe5f91

SHA256
981125546817c0cc4901d60749dcfb4d5845d84d4c7c4d92bd598f28b3183707

SHA512
0cc751d7d45e8b750122a632c6e8b85360321725702ab6c163ebc6e71c05aebe2b0a8d9046dccac745d2f635d9a58b4ff49b0db005e2527aa5d3a6c531815b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
574676ef7f42d41d011899e463494c6c

SHA1
bc864be7d54df75741f026bfe1856405e6319461

SHA256
2b73bd8808bcfa11ae68943f490bbfc73440eebae16c5fce35de411a77790918

SHA512
92e90ff0d82768d0c293358d5afb8f35902e0533dcce977457bd23da86f229faf643c013659b00a1f970ca3d2aa67423059ffc7ba4409c795d5787e3fb27d4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
39675076ec6407087f4ab7250aa7ab2f

SHA1
9d99e4c8aee9908859ea7351c7f943d585b4de97

SHA256
3264ef1018bd98651e50d2a7b829b5317a22d8261a36c6bc2817f3e162dc35cc

SHA512
04eb15cb6ffd591572bf65fcea92fbed78bc3e13ceb4b25170178cfa2ceddfda4fe1828715cd87c5564046b8c364e242f65c87460ea65ee97edc692d6dcdbc11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b96c1ed7fa9b3fd5a5e5f2dc33660b85

SHA1
104296754b341f1846caf22480143b045963e29c

SHA256
9270ac2d24d4d5f1b88369d237c9a4f8c2eb0803c2bcf90fdc46cd4021c19857

SHA512
beff75280d3071b87d9d75a982c4454a263a79ad5b65764bd598fb60fe5d1834eedd3a40adf7fa9aa11d1a42cf13419ec6d7d967606abd721f8e8f4868d4d94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6eb1b291dd2f487ab5a537c3faa110d8

SHA1
36815a4ed24a6637ba346050b42e114da3f255ad

SHA256
4a3473e1f24bf834e13cdcede368802067dd541f13fcad22fa82ca44d9f02fa6

SHA512
54d4455a4f2f80faaccdc330d03fc48bdff4d49446a0bdc91e3d034cb0e4b737b96faeb22b820dfc2fecf21ee5d0515fd447e5fc4c55a99621623be1637a39ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5ce.TMP

Filesize
48B

MD5
765b491b9750c44c3356c3d22c94e6e3

SHA1
01d2261d36094043310869c0c00791fd2a9019dd

SHA256
d882b9673c5fdc6cca0fcfec93a3fb9d427b95697beee68e5f4b4a43872c8b21

SHA512
375cee1df8a0079beeded222780a322ff29efee30a0f172b1d4afaafbfa8dececedeaf2e47f78a447feb5a4e15043413b2278c958d27bfcaa37cc12ac19c2d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
b39e56d62e44b7b8de252ec98004b5a9

SHA1
efedb5df2729fda71be4a0e6c79e08a9012d4a0d

SHA256
fcafa6fbbe67dab723c8244f798eaea5a3927f94eddef65c54e4ca0626ec6ee3

SHA512
7f040026125fd41df9ab1ec3b637e52be1b6984ba694206f3b95cdf509ff40fd4898bfce2a2a80637f280b70311df336b5dc0f2ffbbfc3f36a23e78b4ad775e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
e1d1acd010d9920d22614657a390d6ae

SHA1
e6ca54a4a2d8cf84c2741ec7df77291789987c74

SHA256
b1c4b6ca7847cfc097dbc4cc00e63f1c614616753ed4f7c832c8b3fe9446890f

SHA512
1b93ee35687d8f5aee58fee4358f97059b624ab3b1bf16cdd8c85a747f34c289c99158e29565c41d9b22aca25c7890f29c423785df34b9845a0ca8fc25645bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
030fb49d99dad89ece70735d718d49ed

SHA1
a584e31cd4759824ae50b61688ccb471191b463e

SHA256
30fc457b6b771193d9e76f700b6384835723bd6e41cec62acd3bdfe7f49a339f

SHA512
37279c330f97bea5e321a6618de33e1a1a19a2a4b395c0cf7ce8d84ea96c9fd7eca7e7cd5c7be13a698755d58ef597df1fbac671a114e3c5bb7d9ae6a0f820f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1dc53d979166bfae898f70721565b250

SHA1
e86ccde4ddfbbda2952e187ca47af831b2ec110b

SHA256
980e69735aaf8a109269a1a04e539e7be335561a18f91892416abea9e63ae0a9

SHA512
2073568d835da397450345e7846e883f04c0452486276b6b4f17b16b8139291f0613f0ca96a525c7c9c42c5afa3582299fd22a9f586cc9f56986ee35d03e4fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
b958a5b80c7bf7510389eed6103c029b

SHA1
aadf4545946195a3df56d7fc1d3660bf563e35ef

SHA256
b386ca6ce2fb397f37a39dd651ce435037e40af539f8c01c361a1923cbd5bcbf

SHA512
2a910997065048a238cf84801bc3164d170201e43d8011b12a31198ccd46be4dab7d3a615465530cfe368dc4ed3d71ec2accf46072566019c65b6d88c553092c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
547a149ca6d625ecd7c0b80b33f72ae6

SHA1
8d9e8cbda2674b0a38b65db3e7bf816dec673413

SHA256
85bf6de88ebb363363a3bd1f451f075a365569196c9dbedd5a4b0129e1e59ae8

SHA512
d3a1cc6c27d380ee9460c909c07c573c0d6cb444818c82d47d634488ca54f3e7fa7c6fa5e8afd4e7f532c83fe320ede0d2c58a676c226d4bd29d9f206df50440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f24c5e90-cdbd-4f3f-a20d-ca322a94b28b.tmp

Filesize
81KB

MD5
ebdb6017ca102f351d7d9b71a7976b20

SHA1
af3fbee86dcdb5759cac209ec116dcffa24bd01f

SHA256
47e89c3c0280c4ed406fd0cbcc0853e7623f444933f447e071dc02caa1d8ff67

SHA512
321a9ffff3317ed8a2acd4e19af408145836d0294210209765225cc1f4b7b85bc9425ce5cd61374922919b39b9c66ac8525289b52cc2688b26d8106090d6506e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit