hxxps://customer-saas-5523[.]my[.]salesforce-sites[.]com/era

Analysis

max time kernel
899s
max time network
861s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://customer-saas-5523.my.salesforce-sites.com/era

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874568983950038"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
6128	chrome.exe
6128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 4640	2524	chrome.exe	78
PID 2524 wrote to memory of 4640	2524	chrome.exe	78
PID 2524 wrote to memory of 3888	2524	chrome.exe	79
PID 2524 wrote to memory of 3888	2524	chrome.exe	79
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 5560	2524	chrome.exe	80
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82
PID 2524 wrote to memory of 4032	2524	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://customer-saas-5523.my.salesforce-sites.com/era
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc966edcf8,0x7ffc966edd04,0x7ffc966edd10
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1924,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2204 /prefetch:11
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2176,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2368 /prefetch:13
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4144,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4184 /prefetch:9
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5112,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5124 /prefetch:14
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5524,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3796,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5384,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5552,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5616,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5768,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5220 /prefetch:14
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5820,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5828 /prefetch:14
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5844 /prefetch:14
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5276,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5020 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1904,i,5142877104500119334,5285362611200649358,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4200 /prefetch:14
  2⤵
  PID:5400

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bf15bfdb8de6f3e99788bed148b9b5c1

SHA1
919a83166aac1536d025fb51ee739842d1bf4242

SHA256
47c526669bbc3072453d0e3055587911c3efb525635b81c1670ae6a307d3f560

SHA512
4305ae114e86c33df22b23e35be347664a82f94761a7b892fb3d09ab92ef722d20f511fc6c7da09b3806851f8b4c9de053fa83a13126df28b2154484d9e1f17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
28277311e4d0ea17a8402abac1fa4c58

SHA1
3eeed42dfbdd781db8073da820fffeebe79b4170

SHA256
c8e6b735d72c05eb6ba7d634613ba05c32b9c7dde29c0a6b373624655dd00333

SHA512
ed34fed61f77bf9e710f7f72f30e21435f38c6129fc9782cde2d8d6e64f78d9e6bc3b73bccf7036e22aa2c2cd6ab424904447630818625f6a42e2a0a71c6db41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2dff787415592a098a43170c9e8580a0

SHA1
efaf3490c8661f553655fc3c4dd298909ac9345a

SHA256
ec3ec05806c28f8f3d313c266715daf693228d315bd301eb3c91b3f34fd83e3b

SHA512
dbe6428672bc8ced54d81d696eb6b512b14de5ec3d542156967377b849dbfbaac6dc575fa4b4eadb7e7812e7e8cd65976036a9c980ee4c4b5b3612c2fe93b348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
c966618ef1af0c70fd8dce98e06e790e

SHA1
1ba74dfc13a90901f75282d714f8bc3453b418e1

SHA256
ead7fdb18c3a1209f307418bf183bab6db213ae6d44939f83ba6d58c3e552996

SHA512
c72353da0e82a4bf1d4e931bf01e1a6d4709826222803ecc983892d96dfdc7636a9eac653223770b8881faa95e2afdc4fea2a0f96312bc77d1c67a22eda08890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a95a055e65bf34cf130cc1dedb3b72ed

SHA1
82cb868b75aef1b941fcc774f6b3aa49de1d8599

SHA256
fb0c2c957582628b2261f458d39511d3a6dbcd2ebc888a26d6934cbaf3fb3bf5

SHA512
ca4201f94810feee3ccebb93f99bc61bec1cd2b049fcf00614781ad4c0106bd43084b8cb486b44f370954a5503827fbd6166d811fa864fe65aa3eb00e53ffa5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b22875abd7c1e5bc70efe8768059daff

SHA1
7725dfd60ba1f6245533f31d29b4a2d9c741d988

SHA256
33aadf14a47334288ede6d76cb112d0fc1679f87778ae1c957275a73fb31d1c8

SHA512
c49e036a7e47808cf4e9fbce57e36e4f39dc6790ec70519d927129ca14ad66841f29b8d1608436f50c3651400112087049e19838e7badd9179ca1a48e0f438e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fb13ebe368ca3e93e3f216ebeb3a716f

SHA1
e652ddfdfda7750e78f102a36076b1c169ee827d

SHA256
971b4036001878a0453c50f3a90779ed4f8602d4246b02c2012f2cd328632eb9

SHA512
5abc2486a87beecb390cb5b57d1ed237cb82bbad1ecb4c05f756393cd47493fa5839d5d6d1f95586cb87abd8017971db2a8a8fbe461e6add32efcaaaa348ac1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
430b1e8fbe66d047881134245d3d2cc4

SHA1
70fae896f1179174cffbdda2787e1a45ea645ef0

SHA256
f2feef2dbf71e9950c7674e1353f1be5644618b244781522cdf2dac17866d422

SHA512
e2504b811ed1956d9e1208c0b4c0e4b7504ac5ed279c9792102cea7b9a898ca2ed86068565f0830732db9cea82119c9e6a28f8abb906b4f7974d7d86d3d90ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0dec1065cbd7f60df787d60a8eb0ff60

SHA1
b5ad9a1a862618376c1ad6a82c16a99f0011de1c

SHA256
f902de4c1c9c27a9a913b30328edcd424dc3ed7cd72f312e086f7a9d36e12d9f

SHA512
feaf77e3a4cf223ef0fd78ef9b3412fa296d983251b2686afdc6e9ab2dcad61eb1eb6f77148993afc1ed90c2cdf06b9e6fe657a54fe4f7e301358e351718e9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bbcb064cfaaaaafd75c14a5311f67f87

SHA1
a4f2491d0b5ee6b6f42c5f9e8a227977ab5cd097

SHA256
4213b2bfdad6d11f1b2cafe3cf35b6d47ed6c2db42190c7e8398ad758ea723bd

SHA512
5171e3093a3bb5bbae4fd312880238b55e8d4fffe7689cf587c20e02d45d213fe7fa28df4cd34f46f38aaa1325f429907db2160b945ae1d9b862f8fa2e36c98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e261.TMP

Filesize
48B

MD5
f070985789945eb08497284673daad3c

SHA1
354ca6ca3bdc240ba580dc4b59d155279fff0a94

SHA256
d848f689986bb4ca216fa70883e0242cc5d4eecb51b72073eeef53b086fb66fa

SHA512
e503429efb721e30f3c0b99b11311d0623d149d5afadeda02e3d9d7dbfd22324a5c5521ad5a14dfe85b73131c783718e13c893c150bbf09473e3d758815ff786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e647a2692424945e4b28fca0f65756c1

SHA1
2b22e7f598a8e0d746c59f67783c372c14a46199

SHA256
56bfe676f46f58a23951cfc43fc750225fbad7c787aaa20bf1db8f49687b3e22

SHA512
fae079401158436cda2e49151ea50f79ec7fb26a08e19792bc82dbcdffa54116cc996c177473ec16b1ea3c290e6f619e3034d87c9102a01a253828f3737efaad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
2969f38305af5808c1d2be6df7ecfdbb

SHA1
4e21e452dc0ec922333c63ec0dc81cc03ea5852e

SHA256
677529bf2274fe719a0301ffb654af8beff3d6ab82c307b65a9503af7d4c1e27

SHA512
757929875f2a8bec755290a3d0f0cb8c867ffb28c695903bfeb6ef5df10b88ab03460fda509455963399bb29223cb654420b2dc7f8e100245006152c6144ba8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1ed71a7b0165abbe3c3c5997d7ed5f34

SHA1
b63f836a95fa0c13c5253c1d96b72f9f2b44f71b

SHA256
a28e66ca2251a54b2549e13edb4fea51898385cc4893159fe029ae19622b96dc

SHA512
e80f4e4f536f58977154592450f49211e44809471baa610c583b01ff10d12f6d2d6ccc8fccc5e4991618a3488428d8e53c184decbf66078264759de5a23c8c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
aa658295d60d118d6965b79ebe69ff64

SHA1
e8ac1f8b7993440e1174cb41e38d46bf187f5fa9

SHA256
385e5e283745cf17ce76218b8b6feefde8d722b9baeb3f38eac9d471a2b1b94c

SHA512
5607d861b252cd69507ffeb36779de9ed207e6fe19f0e44030f54c231c09a5e39cea83e1a59a9da864ddb35a6c1d1ae7c3b1dd3142647d669eadf069ac9f3115

Download Submit