hxxps://customer-saas-5523[.]my[.]salesforce-sites[.]com/era

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://customer-saas-5523.my.salesforce-sites.com/era

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874542308643066"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2652	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 5380	4828	chrome.exe	78
PID 4828 wrote to memory of 5380	4828	chrome.exe	78
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 5752	4828	chrome.exe	79
PID 4828 wrote to memory of 4216	4828	chrome.exe	80
PID 4828 wrote to memory of 4216	4828	chrome.exe	80
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81
PID 4828 wrote to memory of 3048	4828	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://customer-saas-5523.my.salesforce-sites.com/era
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea11dcf8,0x7ff8ea11dd04,0x7ff8ea11dd10
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1732,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=296 /prefetch:2
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1440,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2268 /prefetch:11
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2360 /prefetch:13
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2896 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3036,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4160 /prefetch:9
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4148,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5392,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5404 /prefetch:14
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3292,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3088,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3260,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5608,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4576,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3104,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5712 /prefetch:14
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5932,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6032 /prefetch:14
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5980,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5920 /prefetch:14
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6036,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5936,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3032,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4272,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5888,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4632,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5872 /prefetch:14
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4240,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2348 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5760,i,14675534346521088877,8029131457367070549,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6052 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2804

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\880186eb-c4fb-458b-a3f0-22e231068540.tmp

Filesize
81KB

MD5
3c49915a6bad83742f64a5a4d1be8e1a

SHA1
6ca7daa079595356440df3bc91204c594bef14b8

SHA256
deef9eae0a2b9c7ce312c7bb455e377d0c50a74cc1ab268d428f6d33969e6b8b

SHA512
7a06d7367a8c9bbefcb10fe7337f260889e86b4f9be2d2c7c4ce52e7f400c0fe8dd02364320dc3640d269dd7e34aa93eb291dc8c33a0a3ebc64b7ec9f6eb84a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fb4346b74e45ab4f1f3121dcaaab2e8c

SHA1
13fbffe9275d77eeb685131ade2519ec85dfb28b

SHA256
f364b965546495f8a3f3285c4e5b163c92e2539af86bd68bfa69a7914414b00a

SHA512
c33d6df8b241929ca5cb4ec90ff5e2dda2d89a0b380ebb5bf88208982a61015f5614e3104fc234fc86755260efc7433a8e5749058162e4960c971f61ada77ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
2c9a6e06d275721205966ca982face69

SHA1
73533e1bfcb809d8d94d1a861f1b3e25c37749bb

SHA256
d22de431758bd64b2007c5ce078e1a85c00e78ed06a9bbac2631326081cecd81

SHA512
77d5db8ea1a66f4463f745593427dd8e0de50320b16ae873aa29aba8f067b662307a18d6b0c96d6d26f9d3b02521e66566e3931fe18c2d919c5a4f47583bada1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f85e26f2d7893f52b05288958515436

SHA1
d966f87af9c3d522e5a341e13da04bbe92098205

SHA256
175e9470f49969e51ff49b5fde9db7076f267115239828255823e5a23def13d0

SHA512
d7bc892bf7cd11edec53d21d5ebd633c878d8c4fa3d9d84437713bc9b046c13ac76202d0f28a6e62c3676731a50dd22ee33f0ca631ed0ea5f40511cec6c2440d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
497a6408c19bb15ed558dfc515600526

SHA1
2a7dba7f4446aae206fc3029c870460451000f29

SHA256
8b0bffbd721faf3cc341206c738cad6162fb647eb48d7fc0e8ef79ce00cb0d9e

SHA512
ef9bcad1b52c09ddf2fe2e092bb5092ea80dc70a4e5dd2dba3f95a557afb4bc1fc14ed248535d54bebfdbd68b190d8540fdd04730104f3c8ef8eee192bfed93a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
6cdd65788b46d94a0a360aff32f1be42

SHA1
d99c61a32341b9362e0b6685d76228812878f3b1

SHA256
48b825f585c17d752846ce0971ea1b86485a6839aac697dea652273bd4b0120c

SHA512
5fb4c4c14f1c4f05b5d704cd2bdef538366b24b45e5123bedc94c8921b247943579cffdb85b5a14ed339cac87368e11d2981810cc563191909d8b5d44d93f2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e9530a4228c1f37da6a6db607f5296ad

SHA1
107298bfd5a3596b6258e405adfc479d63241203

SHA256
2c1955817257fa556715e559ae05c663f521ba713000a26e68b12353c125b33a

SHA512
0faaefc74983f5b00af6489ab1c13b33d162e13323544919a685909a1b4873a8138ad0c1a55193884d52f9fcd151cbffec0938da39d57224e8f57c7f9a4f879c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6a3d0855dab468ca931acf106aaf0c27

SHA1
1840a74ce44ee626b725d7c217ca3869a41e6f5e

SHA256
91bcf27140efdb336c7111259d5c43838f3c86ae8e984ac05a0214d95fa4b74f

SHA512
2445d69c0a7f7f3c43c2ad4344d66a6d319b3504d935dc0e9f1f9b4da4a97fcd20565fcf36f9535879914da1e9b75b4207c4cfb86df58442e205ddf9f04a7996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8bff5e050a448d302bab6b646d44e67e

SHA1
4088a8492d4c1c3b4c0482f8f67c9e432a0c37b6

SHA256
a6f83f30c583ab0fe8d92e40067daceaa53806b716f125a0d60e7b523ffecf73

SHA512
118594db9c8174b6988cab03e73b6111fed9c94726442bd4723f1cd39b34d69db2fb72484a0c7e65665b0dd698f9d7bcfb9d623dc7b5c3fe1905fe706a9cd183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9993d4e78ac9042191281d34f013feb3

SHA1
59658654d3920605b729a542eaf75e624463293d

SHA256
bf4e60ace0169c533f0c387a40c694eb4af84b2c350438491372bb01d8160437

SHA512
364cb4d969dca7c84d3ed9c4dd8145580290e14f930d3c6b3247eb73f4d279c91e74cae41982d290a6aae885a601e016d525c1ef35854c3ed2a57f425faa3399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b3c9993cb22531ed132c110b98ba7576

SHA1
044abd8e3c7af9d682c84832ca17d95951740a0e

SHA256
706acb79e184d9e5b27ebf517e7c13a9643c5fdbffdf5ae54937b17e63ea258c

SHA512
961b698feaf025e3fbe86e92a7ddfa2eec04f338096c1224b6bd04d65abb84ffeff68916a0df4843e6c9dd98c26640d6558029f5600b1d92ff0bdb6e519ebb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
021245032bd2df9620fda63430dcea3b

SHA1
fb7b82bc19f6068f6cceb2518e0bcf2c1970ef61

SHA256
bb2a5fc773861c849d501040da9d763366b253c8eae5ceb4a3b7d8adcb9d55b9

SHA512
0f9f2787882bd2ec9006bea6fb58ba0fd52115cb82361847c4ec9297e29ac80b14d2b4f875ecc71831f55988c54b373380a5419ffd5ae5f238c9c3138b4bc256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3e72a826b3fe5b405d7298c2774360f2

SHA1
bd2d66aef21af8bf660de608907c28733405ad19

SHA256
e8df7c3a336b6f820984fa1bc31c751e1271b0904cf916c51bba1d4df8bd17dd

SHA512
3aecddd3c3515fcc2ba6b3503955ffdaa1d34a5be9514f1a25c41e26f3fdd1e002dc02a8da60e19c2a54dbb14a794ec4e9312e7a144126e26aaf739629e97da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8810e1c04c2e734115878c8ac31e6f9b

SHA1
c77d5d1becda03069db3055318a227c500a3c73c

SHA256
22ddad143766c96f272cb7a7a6251f62d1390c1bad6ce80d1f79ed83d5273f53

SHA512
b4b09d4815d60bb153cf9e5be747c6635837414c4bb90da9fc6909bb9d6c294a112d7274904cc039c3401ff603c1ef7fd02bab6d9215d78aa68507a7ea970f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
049123b782022622224f318056842354

SHA1
a412982afd05cb84eab8db678cfdafe912d6099b

SHA256
6983dd15e495c101dc6b77019a96ea40d9f47a24d606de2d893f9708c41202ef

SHA512
2c45eac0e382ef0a6fdfd423e6efb67400ec945fcd8a8d3c972bde8100bfccfd3fe594f69ba49ae1d84ee97a1fc29bad21bd52088bfef418551485d1548fca6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2d01d106f9d69d94184d660ac346ac74

SHA1
167599635885f7ac6d571f7878e4fad4b62fd371

SHA256
ead91389e42a8b59013e85e38dc8a0e910199e644e1d3876f289c1ab250db094

SHA512
aa4f2b932acf3d5125d7e8715eee1559797043444365e0bb3df58ec6e8ffd27c815ac0fc3fdc2a860c2897b39e8ef3a4e76d656c5c5c10f8483164f36482592a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f02fa2efc747808945e092e532a3de1d

SHA1
4b4fb9df1ef6f8efc5f9252761670cc8c54e04f1

SHA256
714d61cc901acf1eedb05262ae3f26de41d14e7632b9a967c52b0df89a5eccc6

SHA512
1cc1d1257ecd828aa90830db62aeaad13d5c3314ef9187e0e95f12f85bafaa1fbe13a55464e46e63ce1ecea72f2f04df4d86f04a7d60184de3f6f2e80eda7476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e84d.TMP

Filesize
48B

MD5
b2d2be5164b1622167db378e58e39358

SHA1
8514fe93675060aa7459d47971d609dfacaab61a

SHA256
b47173f06e9e19e8b54faf903047e30af282d59a5c313a73e0bf0b80a958c11a

SHA512
e28a9f611aaf33e7155452c0cd20d225dd00e7a729b4a60f698150aae67131e51a1e0b081504f3dea4899763b387d93d83cfd3d7f0e533e65477ad1e9a04e630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
ef008001305b3fd070289a7675b71368

SHA1
8592b379c133bc26f4a379386fcd345eedeb5adc

SHA256
821995107aa2b8c8f30da7fb9f01e9eac630e253458705267ddba0884a080b74

SHA512
82cbef5a7d8c202f1f6346ae18d37584da94a4930b8dc47e727ab939c0b00d43f8d01f0931365220425d9b651a6b33b232650acd0edf8447983837df51e31c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
8964b887d367f81e8a56ed9a69f46378

SHA1
f5580518174b6041b7c1af98349879682e3a2915

SHA256
a887f8fe3a88b1f9a77c82432ca4674c14b90fc331fb8abaf04291eea24a7ce2

SHA512
692e49fc614d112c38fd825d63076021241206f2fd5ad459d3d1be8c8b425b2d34d5abc2548e8cdad72081cdc41e695ff900ef6a72e612bd052b74048c828128

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
84b5f1bc195a6222f206b17e996603b1

SHA1
0977d729289199370a82df58e2a5979e9231dec4

SHA256
8c103258f8f41d60bb852ca9c6da03f32db9dde9b8c5a2a5e688e776619d6a98

SHA512
453ef62fa26666512bb257c5c9971ba0b87d47412a8b7256b62a61c2328141442c55f2f0183c7acfabea02285fb0dd8611dccce75635a3074857d0a6cf2a3072

Download Submit