hxxp://connect-flow-3914[.]my[.]salesforce-sites[.]com/threads

Analysis

max time kernel
219s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://connect-flow-3914.my.salesforce-sites.com/threads

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874393616579436"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 2908	776	chrome.exe	86
PID 776 wrote to memory of 2908	776	chrome.exe	86
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 3588	776	chrome.exe	87
PID 776 wrote to memory of 384	776	chrome.exe	88
PID 776 wrote to memory of 384	776	chrome.exe	88
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89
PID 776 wrote to memory of 2576	776	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://connect-flow-3914.my.salesforce-sites.com/threads
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa6889dcf8,0x7ffa6889dd04,0x7ffa6889dd10
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2224,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2336,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1736,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3972 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3292,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5240,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4752,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3300,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5536,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3052,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5708,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5592,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5848,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4404,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5968,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6104,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4636,i,10635441767060369324,871958083912956139,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:4600

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e7db135220febbd26a01b6533c672056

SHA1
79061cfb5607327d005e741fa9cba3eab5ec23a5

SHA256
d6f76cec9b0d8b02a4bee869492e47877060b3d5add6bb9938e1255a4ce3b93c

SHA512
f372ac7753ef6e7f8fe39fa1d8dbafced927d43c4d02bc7e3450e93cf70bb15bd4d2f0622e828dede7433fae0a2bb71c3b89c046c4e17827a8032858841d42d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
addc53b55fc816001797812086866845

SHA1
fa1250bd523ab1b18c1ec0b3c0f175c32b1b3a22

SHA256
cf6edd24cea7b08abdde4b8f4268a9d3a689dd6a1e23df62acc5b5f829104773

SHA512
7bf3d796eddb66ddc82e9eee1fe97b9656a879bcba1fe20e7b8d5839a4c758826e0b289ad6801ccca08350b17bef9328843f60f882986f114349fe4c97cc60e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
16KB

MD5
cfbd80e7e66d79e34564d857e278aa00

SHA1
b031c56e0d575967b12106e32a43f7992077b16d

SHA256
06956e86d37705b5fe1f310179aa71df9bf2480a0bc6407037e5ce68705daef3

SHA512
f1a2460d76a07ba5428e983d4abafe423c1214b2f55d7316621e5abaca05e351e13c6b0060019467da2533c55198364f0f30a66c28da04f4b5e9a30e060e859c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
16KB

MD5
86102161437c95528226cdd64de8e4a3

SHA1
adef64167fc0ad78ae1b99f4532f78397de64087

SHA256
cf2aafbb2708fa8486c24eda7e4e362874088e19baea3768f7e5312b2bed8b5c

SHA512
df37324f76b834e8d64c97c32a93a4d97ce0653137c9d1697baa6aade2ce311743594fa16561cbda4d53b75f0370fca01281090ec89070cc478e66234fa77327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
23KB

MD5
5faec4dc0b079da33909cd0da7c4d6cb

SHA1
f33a0b80757ea084815b00cb52de1c0278132dec

SHA256
e46988117a8ca35fd9c3e2bbaa5c7d3b754d2105de4d2accf78f178d7892f631

SHA512
a4961dca4e4a36e14826f7a8544498003e3b2b825ec6f118040b237f0f2163f169391682e6838adc033496d7913eaa44c8fdd6443b1bd510f5d7b6424294c58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
44KB

MD5
42b7c2bfb12e904beccdac9ca0252920

SHA1
f1e3b11861be5d483337cf293ddfa1edfd1f2a46

SHA256
8511ba0a173f88f67a2a086f63ba9ae785a3cabd94579286148625267e537fa2

SHA512
e29e7045750f34efc31f7b5f9a8ffdbe7d30c12a577daa6f4049457ec7faf44f490db0b9d4139f5675b48481e7464366f2f3675ed02da0b2370c89bc97f87810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
91KB

MD5
8e2d07e90758c916bdc8eb5090368f0a

SHA1
e675c3736f3aa482e86ed66e6b090ab0757882e2

SHA256
f8f959c739c755842edabddb771229be169ff7f8d236ee2097e1d4ffcada8272

SHA512
d4b55a153990071ac7668ec57b1820b9e52154dd0bc2c203ad25d4c00b6ab711147e5146e2c865778aecc0f3796427342b9f921952ba9c00c87c8ee9922e1dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b6480ec5963cae5b48a413c2cf8e0e2f

SHA1
b5581da6c2e7a6773704008f58687ef62e21dbb0

SHA256
ec26d9428e0b2685de702fe9dce8d51220809807658c08e865331cad97b5885b

SHA512
47d5fb82a0cf25a08fb11dd425849f244748f2685d8355edd7b17fc9f431b2df71177a2aae64f739d95043850d859f0f49942ddbcdedc5724be4b0ffdb8bed60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
dfc48ad3ebf0c5e7390081c565736fb6

SHA1
9e0c37f800a43707bc3901871d97e23f41177648

SHA256
17dbd7373878ef6cc818476d1a5c1e252d11c54106f615a46e98d6d84dbf9ab2

SHA512
ab013c4bbf0274d2f705a235dad34ae447c14fb83a9a4dc1fed119baf59755c1d3d634b864b669ecdd9cd973a308016aba76dcc745ff22f938d2986c16d92c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0ca73ef1f6f70ad85fc4f2041dc7360b

SHA1
6fb92cdde0c971870c02a61ef78fe2005cae8dcb

SHA256
ef614f9c002b36d5b88bfca91128f979680222c5280db5a10b006288aba996e8

SHA512
f76089971691a71b7c534008ede9a5d71954e6cf8f4527a54d1a59ae9d933aed55653382f27f18327bc5c1de29cbcebdcd01450237edf55cdf3fa4a53e348ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
776b8ab668b59ea8ac0c4833a491d53d

SHA1
39688869794b44cd4912701f477274cbd0f4fb8c

SHA256
8e780bcdf7029ee4080a17177b93f9d60ec7e5b1e7aa85ab88342b22f025406d

SHA512
cbc50a8265783264a7c294398fa25b25ee7320cded368911d25e6801ba5b8711c56fba3a70923c8cc1326b3a30444df74e35aaed28425cd0cda762c2141abf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
15f6baeeeaffee0bb13576cff4caa81e

SHA1
444f8bc48ced6d5f6980f43d8539afb70f4bfbfb

SHA256
4861227b8ec814371ac15b8ae4c40acf554bbdd6153963b691d8865eadd0e536

SHA512
c4c4bba89dffbafaa16eff06b2a520efe27c3b32e5a3b7e805ea6a0ebaf284d3520e5a1d026fecb88d3762cb73c33631f6890e5c708b9403dd64b11be76b59dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a0e8c002ec45cf39b7c896308136393c

SHA1
4ff42d4573c04c02a5b48c81c0d2a85675c8a364

SHA256
bc9449e62626b96849de7a7eced5b0d2e2c2fd2b59fb15836d8805578ee5f7c4

SHA512
e64c795e59a6cc55bf81e2df5d191464ee37e96c91a52c86e33c1897bf769d88b124ce684ee9456cc1e123d1e45b73337bbc7c6f1f1fcd0e0349ed6ef76e1d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f3492a92348acd6b94b744fb197fdb67

SHA1
e1b5d84e21426077a3a7908f0b392bfc811491d5

SHA256
b97f932abee113017090898a55ccba0d60a114e372ac80c3156e9ad947937dae

SHA512
2039e7b838e403fdfceab18ba6b55b228745da8189b3554602111e654fd9868ef08d31c77938c0743b2047cabcd6cbadd9a5227399222aef495b82958db2d71d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f13d02d101bfe63ef2bd74542668d46a

SHA1
2450cc0d708eb676ce4a65eb2c69a3eeea0839aa

SHA256
c30184176f6ff80f1c955a60f893d6b835ab7204d49ef48b0ff82027a33d1728

SHA512
d7fb26fbba8f263f51bf58a6b1e36b25c094ddb2554de78f358594e175ccbd6338ff2e5abf5e8f816728da2cbd5beead0120ffd734d6c6695b13a0780c739498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c746a754e21714e874199e17ba66658

SHA1
6230f13fd9d3608d727fe38e7dbddde35c6a479c

SHA256
d0526eaa182b405ffe78ffbae932f0ed9e741eeb93a8889613294755fcbc73f6

SHA512
b5dee15120caaac5954975c4f4bdb2f208cc4b8fff3b04487e2cf3f37f24d436401af2d211e2ac5f47cb9cdf4ff6e5c3fa70579f398ee1fcb62f15220e0cb482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8b6e3e4acf246784dacccd3053d1de53

SHA1
6a4d889f8b3613d2bf569f307baa0da1f2ff4746

SHA256
9a0b7b8d9bb715fea7187a6d2c2dd527cf1cf2900e5399ba7ab4f473382fe888

SHA512
49f01d057a2fec06d5cd1e57861631d7f7a26c1434244c05a80b00deaabc3619ac8b002de79abb4fd06023c3b17786c2b573569296d7c4ccb800fc4d246603f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b8fe8.TMP

Filesize
48B

MD5
56d72401bcebf7a328194b1953e2a13a

SHA1
fb302636c16dc16c65ff4dd1116de33fea040624

SHA256
431018a703c21ff6ce185cd1b232a8465c7caa6c0c19ace3447938a73758256f

SHA512
9c860f9d074ecc3d77d8e909f0c8a8721ff1da6d58326f5b94d03d4a26f3287dcb5a42313d7ef0fb922f940435c3ded7ad544a849315f9bd783b93a016ccc925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
025c5c629e48dc4a608cb7b7e88dc608

SHA1
73086f11242944659d46b7aa970ee125a2b5793f

SHA256
c54030d5ffab148de9ab61b01769ddf900b29d236dcddbc652008dd98c1a99d5

SHA512
2b0eecd9d4b35f6ef64179650b3d4130cebe518d6b4424af2cb644da7c4dc341d4c111f97e2c64863ab4087e2b13609e92b9e6b7dea77f5020c47514135dfc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
647c222bbe2aecfd50840db302eda2b9

SHA1
98c9b32d914c998caf8ddc0dea36902cffcc598c

SHA256
a00545632e72db3aa4b5eac93e4831a24842a6f89f3801b830914f551b25cc9c

SHA512
9c379441852199e089d4d26616c0f431f142fb5d27d224ee2002f14a82215ae116ad505d3035a1d728faf598398280155d78c91b0c4913b18d402ba468e02f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c73d80e489afa1d94e15925317800d11

SHA1
1ccc55ed993240089a1e3d32fd2da1758aaf5b03

SHA256
852106a6df0ec59422947b01d6b91d87f8a17ab97916ec5f444977da30149255

SHA512
c58b205204c035aea9f22bf34d08c339cfcbb3c58338337b2a4a776e20aca73d4b33d29af966f048af9a31949381721639b0c306642a4e2443ca1c389dd06e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1ffcb695ddf546dd954323ffb22da52b

SHA1
780c3a251342f62dcca9da5e0679fc4dd6da036b

SHA256
79ec8ba3f127859b4cbc3a3fdf536e0eec9971418d1760532bc7d8704b25ab91

SHA512
b90f6affce94ea9dec8b383dc7b945397c8ca7434902cac2119287ccd71d747679550f0e233725eeb28d823151eeb606f7bd8ca1ab0b228027a87b586909f424

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit