hxxps://secure-web[.]cisco[.]com/1KvkhpY8I74McvwNXXL3aZmtzXaCQK-JB1A9-gpcR70xwLx1VAxPge-xAw8BHg1smWx0-lAGYmtfEyqHD9YGvssFTPUbntDDIlQN9_wbttd1eeNG5RsxdL0hHUiPBA13xQ1IddmJY1uoTjIomaqUV_XJ2VwuavDK7aAvTWUHFOfkuOvX6Iwl3cIcXoZrH8uStNvQqI2WJajEcyDWY53VimEVmibeAQN-4f5ox7ioLNcCISL2LtRU5erQXjQ8Ud-00FcSpuJ0de3dMePJBHbPpexFBVcsaadbV9RSfJwjOEVYVlikHd4e20oP3C9EYuS6ZrKTDxq4nl-hvfAsJonkJRdpe6ESLrQVhahVZN0rG0a7wxnj2mJsK58VLffDq7JbL/https%3A%2F%2Fpolicyhelp[.]policyrestorepage[.]blog%2Fmeta-community-standard-690830581713186

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure-web.cisco.com/1KvkhpY8I74McvwNXXL3aZmtzXaCQK-JB1A9-gpcR70xwLx1VAxPge-xAw8BHg1smWx0-lAGYmtfEyqHD9YGvssFTPUbntDDIlQN9_wbttd1eeNG5RsxdL0hHUiPBA13xQ1IddmJY1uoTjIomaqUV_XJ2VwuavDK7aAvTWUHFOfkuOvX6Iwl3cIcXoZrH8uStNvQqI2WJajEcyDWY53VimEVmibeAQN-4f5ox7ioLNcCISL2LtRU5erQXjQ8Ud-00FcSpuJ0de3dMePJBHbPpexFBVcsaadbV9RSfJwjOEVYVlikHd4e20oP3C9EYuS6ZrKTDxq4nl-hvfAsJonkJRdpe6ESLrQVhahVZN0rG0a7wxnj2mJsK58VLffDq7JbL/https%3A%2F%2Fpolicyhelp.policyrestorepage.blog%2Fmeta-community-standard-690830581713186

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873941145135795"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 4132	3268	chrome.exe	87
PID 3268 wrote to memory of 4132	3268	chrome.exe	87
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 4000	3268	chrome.exe	89
PID 3268 wrote to memory of 4000	3268	chrome.exe	89
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 2412	3268	chrome.exe	88
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90
PID 3268 wrote to memory of 4676	3268	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://secure-web.cisco.com/1KvkhpY8I74McvwNXXL3aZmtzXaCQK-JB1A9-gpcR70xwLx1VAxPge-xAw8BHg1smWx0-lAGYmtfEyqHD9YGvssFTPUbntDDIlQN9_wbttd1eeNG5RsxdL0hHUiPBA13xQ1IddmJY1uoTjIomaqUV_XJ2VwuavDK7aAvTWUHFOfkuOvX6Iwl3cIcXoZrH8uStNvQqI2WJajEcyDWY53VimEVmibeAQN-4f5ox7ioLNcCISL2LtRU5erQXjQ8Ud-00FcSpuJ0de3dMePJBHbPpexFBVcsaadbV9RSfJwjOEVYVlikHd4e20oP3C9EYuS6ZrKTDxq4nl-hvfAsJonkJRdpe6ESLrQVhahVZN0rG0a7wxnj2mJsK58VLffDq7JbL/https%3A%2F%2Fpolicyhelp.policyrestorepage.blog%2Fmeta-community-standard-690830581713186
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4539dcf8,0x7ffd4539dd04,0x7ffd4539dd10
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1988,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2364,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4328,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4384 /prefetch:2
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5116,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5612,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5844,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5968,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5684,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5676,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5384,i,5223717098693371707,15024522004913652089,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9ab89b6a-b5d4-447c-ad8a-9c577aa02fac.tmp

Filesize
15KB

MD5
8b34f78591e485253a9ddbcbb20fd39f

SHA1
7016fecb37fbca40c709c7fd5b8cd2f9d6c1404f

SHA256
89798f1d79e35cb4e8acf59918af81d17a30bae081636b472233f634e59f746e

SHA512
346babb75b226e28e7698689c3074c0519c7829f04ab9215bd9f9fb10421248ccffa20e5b83d5b43ff572bab256fca415f6822b92e975d86ac581e2de988fcbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e1b336ca0ce1841b9d4df0750d5b9eee

SHA1
b00fafb3dec36f8a53033b2a242426a63c8d13f1

SHA256
887f193cf506d345ca64370dd672ad10330e39063e295532bef976d00727f7b9

SHA512
43395628453c7f2e4d1248e8f2519d5c797f785688885dadb0b004f313cc03af6dd0c97bc1e790f4400b79637055e117ef5056aa3faf8c23738b23b536af36b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
91decdc0e4a8395addbcf53950f0dad0

SHA1
c75ac6b9a03e17504df9d49a3f284534083f08bd

SHA256
510d8600cdfc64e108b771d81349eaa39140b5efed57414177f82daccd027b58

SHA512
4458ca879314558ddc07e561ff3624ee525b38d5b801fd1648dbca5f1034444f86ee4d8789a36ca63ab584cad7d68512dd249ac938e97c16462c7c1c774d0229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1fe6672429196180e5ec98d22a3903cd

SHA1
8234bf9d5ffbe0d3a4dbeb44ee008eba57c42342

SHA256
cbae5196e2f5a42bd0518651a07b068da86504fac79607a81395d8cd66693060

SHA512
c3193aadd4901100b743c69ed17868844e80932b1ba0565d63b16c287b16b7b68e96b1f5892175611bcc2a59f566f37f1692476faf3573a1f522e33753fb7264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
51b36b362e84254d4feac1a014b02e0c

SHA1
f78da4151266a02c62e9eff2f83666cf1b933737

SHA256
64ad36c194a6a7ddea53703b2600795bece03610f6c378da22594bffd1fe949c

SHA512
f868f5146c7202ed686a0574e8e007c58364eb94493d07a4568c60a74a7f6938dd8a1ccbbe3dbf3b3c8cb093cd0d1a3a7d3468ca410acf56291483c440a05901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f41236f72a04137650bed8ffc9d1917a

SHA1
e2d4f0e1c73f222f48d1ee390b4e32b9afc87617

SHA256
c64980414e8df60c1a3b10917e7fdf845da6801bfbf14823da0f62b4eee46906

SHA512
55670cc137622b1c53d632cdd41993469373b15e85003d31e3b357d16ab10422a83477fa75637134c30097e9e7b7c70e25a69bd47023cdedf2d0117a48f21cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
efc4ba98432b78ccaa61fe376a7862f6

SHA1
869031275eaaa0cc430c518eea70eb97c18d3d97

SHA256
63bcc90b6b11343387802db1ac1b37a6ac26c5791e4b4161db78cb96f713e580

SHA512
0c8b69bc53c944f876a8efa755bb36c476b0abdcd17f8ef6045bb594d805313eb4b7de33a560b696fd37687e40f1f6a5d84b69a8fd26f79f8b603da1822de04e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
9462839af8fb4ef47be8de056cce68ad

SHA1
68a2f479c70a442a4c4d7fe7a634c9745bf5699c

SHA256
1e88f5dc0db2a168732b166767e65c3f3a429c34291a82d4818e9e54ed63f3cb

SHA512
9a793c51e8b1310fa80ef26c881885016dc3acc185747e2fccedd152214416c89a9442d67feb9015cab9f9354a07611cbd78ec3e73fbbc0e5c50c8e0bc11ba0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4950b7d71a8a94898b5a39c690366bf5

SHA1
6f6e63bf10125ccbeea8f3ecf623f67e2633f0d5

SHA256
22f1e1f60ef994093f1339eda09076a46c2da63643cd8d137ee8de02cb356007

SHA512
ffc289c99a3436f4a89b6ccd5bb068580c52c1cc6387d2864075e8cf48c69911f05bf7731975e1d2f4787b175255af7119e2a0e7f169da0ee98aec8577b79211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a2a87e629c7160a0f4d30abb55478f8a

SHA1
4399b7dda5f845533b5c82a722f7db0f4faddaea

SHA256
dd0d54781ee6730419f245138d27a6ae9faa4c32b196b69f34d720b271f23510

SHA512
a46cba59d8019754b90e3e0745973765c3ae8884241d3f483590c200684109e2cfc930768e7f4619eaecd66cc7fd8ae8d44f4c039f3decb3894786a9bba489f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e29f.TMP

Filesize
48B

MD5
0d2d90f33510e6d0a4fb102245c93e6b

SHA1
156be7919e8a46ea011750b03e1d59a788a5c24c

SHA256
61f3bc557d8ca45193129628d911227f0edb85a1f06bc5d6ed802e34bbfad0da

SHA512
cba6fdc21737fac4a787742c2163327254e84f1e89e84be8e2b3bca6c59a15c77ba22325f45127a65522a931bf79480890a42c92a358294d1bd13160830dcdf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c1cd9ac0bb3b6d8693e6be3f1eed2847

SHA1
9a0d9b01d050ce0a0afd0ebb1a333dae22ff03aa

SHA256
a68c4c6d0fa2a08a86456f5f17c3fa0278b6fe53e3a159dd73ea4bb9b1c652b5

SHA512
3b79c9b0041954e6c8040585fadd6b0ffd98bd30100b64ab7e8083f922949013ec6551fbc40d55858f46501837437c9cb37515f9b7f60f019a6d85d34154725e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
b59e13547f173f5f6244a13b47385b36

SHA1
dbb038a4d43e7766626e2b5aa8c8ddf5856e2aad

SHA256
833ce3d5c05f1913ee3a1d0937e8e5cb693188a1d9322a3aaefa0ee747913560

SHA512
9ce7d5b87c9f00ae59e506b92d26a53d6d8f3f524e220ec367efdf2562894465d6c9ccba58fb8629e497af9864f335e0213ad98efbb7ebf9264eb3ab446d3557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
3ef1bb665e8822df5d96abd3f6da6079

SHA1
368c75a9efa024f02f0605d1009f892c9b9f53fe

SHA256
d4fc966dc5a44b5f45cfbf81629ee3c7deaa4188779efcc2b4175abb6ed4b469

SHA512
d5438cd7502cd532bd94895ab71ac2baa938bfe704c40bdf1791400737790d99aacf145427858910db11c831c2582db7a8f7f9e5465606f9d218e1c7c6da97d8

Download Submit