hxxps://innovation-platform-6635[.]my[.]salesforce-sites[.]com/sec

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://innovation-platform-6635.my.salesforce-sites.com/sec

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876375032367521"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5664	chrome.exe
5664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5804 wrote to memory of 2604	5804	chrome.exe	82
PID 5804 wrote to memory of 2604	5804	chrome.exe	82
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 2176	5804	chrome.exe	83
PID 5804 wrote to memory of 3832	5804	chrome.exe	84
PID 5804 wrote to memory of 3832	5804	chrome.exe	84
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85
PID 5804 wrote to memory of 4580	5804	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://innovation-platform-6635.my.salesforce-sites.com/sec
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacf58dcf8,0x7ffacf58dd04,0x7ffacf58dd10
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1860,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2188,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2232 /prefetch:11
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2420 /prefetch:13
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3988,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4240 /prefetch:9
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4268,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5304,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5324 /prefetch:14
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5368 /prefetch:14
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5336 /prefetch:14
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5476,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5504 /prefetch:14
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5640,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5412,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5796,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5800,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2972,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3448,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5540,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3664,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3468,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4620,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4232,i,14256645852694924539,5566083828345210992,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5472 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5664

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f72b201f1b9b1e958a5247c20b622a11

SHA1
8969681a0d269cd6eb71ee36ebff8b2b244ae84c

SHA256
32cf507bc5d1fe458e8a080118c375a6ad487dd2a7d34b3414559fe3daeff29f

SHA512
8f7d06c44a2f7bff0c36038557ae948d585ecf963d4adf01ec9ba91e0dbabbc6be8d5f4fe32f6ebc244902cee3a2e49a9b6f3e25f4a63a80c932e4a70cc6522d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fbaa5d6bdbb70e33cebf7f263e8c22db

SHA1
5f6c65a504a768fc43c976b39d7c0269cd24bb0f

SHA256
325fc93582847d3bf9d0d5039f7a8497b9e5a13e31a8d2b82dbbfd0004491aa7

SHA512
06153b45e5b6b560c034324cce1f5ce5b0cd58e86d8aa6927e5626763a748d78a9a850ca3ba616256058d65c7f862eda4cd337d2467224e6aaef7fdd47de1495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
676f118e0d99cfdca609fd88ea46d97b

SHA1
e81ade0f9c2a2ec62e4b577e220c8f09a941e312

SHA256
63e415708cc3cf1eb16b380767733dcad84739cc64a52ce70486debac8305e5b

SHA512
28bcf43a005af6b146255528d449b6641b9a949ca2bedb621b4afee785100820aca858d5b084117d0a4d1250298265096e41d86df978870d68759aadb0754f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
5ae16a028e0da1bff6d1cdb90a23d848

SHA1
b583bd16e8d12fe96c0571e1f8661d331eb66e12

SHA256
8c9fbb553ee5a55e83e054a524f8fbd1bff9d03a1935d9096e9cfe5c2dee0535

SHA512
390d17ef6863b5c9138e92ce8952d69a6fac775043ec73c47ff963cac2ffb0f617a110f2d020e3a1bf6a8e2190cb4fc2eb766771142aec78a839d5ae12ffc3f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
0329296c9068e307d58007cc5c7008aa

SHA1
6b1f8cfc4eedb4f3acb1999745b99892a1234596

SHA256
f044e6b5b65677980a2a5a0b7d05901a7ecff4f51a123b13514abe08b5e4aa42

SHA512
9724046013fa19f46548ea55eee9a35216d3c258663f08c144240cafd582bcc8bd5700d0b8aaa1a6eccad0471ed03db6e5ea8a8b5712ab6f10dc5c4dde77482b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
cdf4bf1ecad3fd4fec191de6179b8b00

SHA1
78aa39ff00b67be23576a2fd563aa10f63270b17

SHA256
32ee1761c67d7507afd83e11c5c758670154158427b9f412a5c436ad6ccdf98c

SHA512
dadd7684c84c6b7321527d77c564b1d8485d4471fe9a66559439f21b6942a492d50edcf024e9ad91c7e58f5e97d9cf9e2536ee806728459187686b07db0739bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
30aafd1bd70baf80f9bec48be4aaed93

SHA1
863d11eaa2a6376534ff675a3a84343f17cb3850

SHA256
4f27904726b00ec9f71a583d0f8fb81f15f4f3950a6b43a2b294c53c6755b79a

SHA512
cf49dccc973a62910e6373e824fa3d7a740c7fd2b8ce81b85248a810d512bfd03646d022ab5ec5954ec343fe91b0eb43994e72e503559393967d24f955d90bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8640ad9bc5d98278228648b10361613e

SHA1
a95c054aa53afb460ede80a9d95f7780bea5a703

SHA256
bd92de7a6e3a6e680fe095b65b8ff2d013b50e1b5111806ae5a86a8bacea46c7

SHA512
8c2e3d662f74824ee10c480113f81afab2bc775a5d98c1e9a84acff1f1f260eb9cda24c013fe0339c595dce6b62bcf77cda073555dcf3d3e4a7f7162085b2763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
752c0c88c9669e265e12dd5e74b37848

SHA1
b1cf85c9b9cd24df611a8633fbc72ae0bf97f401

SHA256
1abf2f2c1f04e0222bf2cbd09e3f8aa70895a98571c782136456ad011838183b

SHA512
766744e71774aebfc33cdf5c27f1f44249d01b4abb7b33788b8a4621cb4744a9de81e2bead9bd06d9ba74e64cf96c236a4348fce0aa083be821b60ad7b31b4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f7ce5abf2b90197405ba06c9c342f935

SHA1
1f9db1ebefb4774a5e5730fe181524341ca99c32

SHA256
3fe4243bf438b26aa0ef65df07b3c8134464b737d3c92acadcb619b75e1e6e93

SHA512
aa74efafef4185e9a478830c76a58be310ca36dd2d3310672d7ff1741ab160ebe0ad85d2c0e8077f606bcdc247fbf33d59887c6df6d861ea6797a28620ee9b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0ead48314581fda7340d5eda90658884

SHA1
99c1a5e8ffd23813526078fe9cbb85307f674683

SHA256
dd7adf102132eac3ef20803acded65039c8deb60a8d36921091abe5abf349cc0

SHA512
8ddb516281f27f266cd0002c96020317985bde8d3bd0bdee59d98d9229ed7e8ba3c152d6a7d95741e4110ce02de32f5da68481924f54d8eafc8572f73de09b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2e124730b0bd4a670dfbc9398b98adf3

SHA1
dcc9c7b00dc54f722360f36bbf54b9545656b580

SHA256
68ea40b5f221354639b0f05f101948bb2e5ac4fe19635d877d7ff27a53591985

SHA512
e43b390e952a143ee6a475090e67a1e7c6c6d9745888aa4426b549c68085e46ff76d9a0969a2a39f98958b1cd255f341342a9c6e7c63ef289b2cbd75d54bd24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1126abf83e169647d2f848957bdce3a7

SHA1
cde9cd9d7354fb95124516a8a1dff7403b383178

SHA256
69884b670189763469c56fbd65f7323b3e3af76cac9c9aa8e37b3bd1426c35d2

SHA512
922db73651c0a6e9c031afd53eeac163a2890d2e13d1eeb55215def13d3bbdd2dbecfc1c0df4ba5707b0f98fb4a2530384c56fd4931996d26f1946be7dd2849d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d8eb.TMP

Filesize
48B

MD5
20b1470d361312fcd2f5c11fcd1e02d4

SHA1
f14a4ad9d06e55baae726abcb3a698a244bd9758

SHA256
92b02e1aec1ebce485172b3b1197a3ccfcde5d9e873949ae0de2ea16c9c98010

SHA512
9c89491c89bdec6cf2ef076935c94b9fc75c3d5177348494a57a87ab908e62127c69412ee818e99d3eecf227d1a6db5b6dd3496fc03464e133c6bfaa061a156e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
48b4dafae142fd114dfae5bfa76a6582

SHA1
88f67def8494948284e6492b114dca0e093a3437

SHA256
1523547879b885de049b6060d44c362ebe13967fc77a3787cb0f52853947e46b

SHA512
770880558a4ef2bd90fb627bf4e90ee89aa9c44fd1d8d34a6f4b41bb7d1b1c73eb0d7c5866d6bdb8ae219c2ef08710b1983880742cfb9a62bb54995eddb7860e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
ed8711dd115236b0e9f2345704a25cf6

SHA1
5e2e0aba453774c47aa32d41e5acb721de544721

SHA256
5f1ae9438abfb52cc29343b1c1145028ed4ee52316e3a89636c6754672847dd3

SHA512
2e011d306b46baca9ff9af5923eaf281ff5a97f50074bca5f9c5b4df5d57e99d862aa1a9b1fca15419d113b76096a224f95c7bb060387a510f9eec4510828866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
def4a86ff90834faf93876f83725ed48

SHA1
d71b512a0ce0767f3264e37f786903cdc5e95b0e

SHA256
a6b19bf389667151a9a4ebcc8384fa8e55f2c67dfe1c1c447b1cb052dffdf963

SHA512
78e775d13923b7d5f863fd8aed6b5dbb36a8687e146c07f2dda665c90cd1bd994650b30c4665c1a8cc7f6a18386f5e989901f342f1c93fd8a84406aaa081b6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
49a3603338c0007040cce0933547669a

SHA1
cf3d20cfd646f0078166b9686285b9f2c0b23549

SHA256
c9a9eafe5265ef9daad2d0ba840218a2dca2314ccb980e94886a851e838dbeaf

SHA512
ea3657dba415dca6bc936365e8569a4bd552bfc1960c9aa49390b55246925e2b7b283bdd897ba363680a7386b6191e02f06c9402bba91bfc6bdbd43ad08c3cd7

Download Submit