hxxps://google[.]com

Resubmissions

28/03/2025, 15:23

250328-ssvm2szlw2 3

28/03/2025, 15:19

28/03/2025, 15:19

28/03/2025, 15:18

28/03/2025, 15:13

Analysis

max time kernel
189s
max time network
185s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
144	raw.githubusercontent.com
146	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876487905991823"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2144	2284	chrome.exe	82
PID 2284 wrote to memory of 2144	2284	chrome.exe	82
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 632	2284	chrome.exe	83
PID 2284 wrote to memory of 3100	2284	chrome.exe	84
PID 2284 wrote to memory of 3100	2284	chrome.exe	84
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85
PID 2284 wrote to memory of 5464	2284	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff48c9dcf8,0x7fff48c9dd04,0x7fff48c9dd10
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2100,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1856,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1892 /prefetch:3
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4272,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4260,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5600,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5620,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5788,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5948,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5932,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5964,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5512,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5208,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4408,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4724,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6104,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5772,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,2021083208707451792,9555215968998710868,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:3136

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1c3928fdd622a1932eed5ff274eb44c3

SHA1
fcba5af4ccb3e87243f84c3791c5fb89a23939ed

SHA256
49658db2c8f84629aef50b3b0339546f59b0ebc8488cb04c91c93a8acee813db

SHA512
bfa089f922ed81df413b52a9dc38fd81c1a408007e0b713bc83f4509bf2a8381e6c144e4886a0a75b19e6855c532ac8da68f531fc80f1f68e85c4cee01400979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
b4feb1b7940e0372aa0797c1900d8f48

SHA1
d7a565001245053a2f6d94f3f52c780d4d14c74d

SHA256
8b8047bf805a7584a7665e249e75f0e84bf1673e9a8fb5475b8a152769a5571f

SHA512
6be27d94411b49eea8dbfdac11a549c21619281af7ae29362ffd1ec288daad91cbae92edbed462d03e5e9e54727f5b394ae604df6598193bf01b7388d048f32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e6ebb164a6d5951f41826c6964eb3818

SHA1
b9be4b58bebe8d903107ade5d971fd39530a8bcc

SHA256
38e554c0e7038554fd7215e3b100a57d868423d8b7c4446895a75df59cf3e324

SHA512
fdff2096d052657ac03314ec06db8d8676fe3bcbfece7a56f52e6de8233c2fcb49f39a08289c41e9c620f3e4822c2196f297e3ab7688ef48e79eb18a8b830105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
56530bf0df173c38e59f6fcaae7f964d

SHA1
b7a277fcfce7f6968b42aee91eb9577ee67e2fc7

SHA256
7dbaa5f624f406b53948dc19430e52f9c847894f35c8710e91de8f0bfa7d9894

SHA512
95e6b29320f06158960390e6674881f60377ef895e653af0571ca18cf298a94d7c754eb0a03a95461bf5339cbeb5527afe137eeefbe03f5172e6801cdc5e0347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
3b12e3b6d35a272986dd32dafbe435e7

SHA1
3a1aec643a155facb671b8ba2931fed0fc5a4a68

SHA256
cebf3500a0db4b851138b19f0dedde18de43897bcf027830543e546c17505293

SHA512
85c36e820a972699a515e931b7370b59df2483ace935dc66028f42f058c091affaf8e62e80ef60a1f813b627f319dc289d6c5b0a533cbb2850d81af0c1d4fcc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
fa93797db0b9e71d7fe7f00a2b1404ea

SHA1
3a0eb3273bd5da1fa2cdb8e4b2e5d767a7333a0a

SHA256
fd3c4df329697b7471ed8f3c1bac30caa7bf49f3ebad119963ce91ffbd589743

SHA512
b15b841a7229b81bf2b9f3391ee6252e9b000ff028d9647b7af257730a50d465736f5c05405b9c65d3458e7e6e75fa88da5d34668111b7124700194a85fbab7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
551c235ba9131d9caa657227c9db04d1

SHA1
f55763caf251539718efd8ba0f80119f750d374a

SHA256
61e94444dc6a71b81e7499a7ecfbed64139a7d9c070d7267009900a47abf6d7b

SHA512
f8321cfff8df00ed766d312a9457c38015a5e1b02dbbc781107ff0c286e4ad447bb03a5d5b80883e53d71b1b0f757b6bbc542cf5023a0ce001fa196885588ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ead522415d8b10b94eabe72019e55a63

SHA1
dbe59ff658206b100e278af1879e40a97f6ffa05

SHA256
ac692ca453236bb84fa2388ce1d12266c2ee1b10fe95253be0025c4b8c994395

SHA512
febc57fac4d964370d6747e4e213fd45dbd8dc590c99597b149b6cdfd30f1cd9ffbf2f2c53ffe828de94c3bb413e958ec5de59bb1c67e24b076f4e851429b3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
92e4974295a8add503e47194ab1a0be3

SHA1
55448e2db126cd46c4d00155057a85cbbf8c7ad5

SHA256
6e1613d0a58d183bcb7278b068851dc98574e95b3fd5915c6bf08a431a7c5e78

SHA512
64a669e20f72476b6e227ef2ffa0769b422e327c7c6a402832aed21b94c9a933547cfe5b000acd8e99ed48a8fb5b3ee14ad65100584edb4d74644cf2d4181f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
d2e8bfae6c1ba846581019f047a32ee8

SHA1
e5cbfdff4a74d4961979205487c7b9927a56d698

SHA256
0378fb12be27a871f64c2c858f5e552f73f89bb5147d990dbb06751807dc17da

SHA512
5d23c1742dec899ff03409f0d3db9ad28abd06369e18b3e95823542b9742de52b81532949a1fc94c8c538355d57763c290635f28253dc4877d3873c1204bb631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
dc0cd4c13ad4eed757102daf7d22cb34

SHA1
db9d5d5ffc2722466b8726e85e32191c1a411b96

SHA256
9550e01cb148bcf8e131d9a6691a9afcefa38e1752fd934f5aced76b7a266325

SHA512
916631ecf0ff9c67af756388f23b035b5f57ca6c3b552b097189ad759fdb4a5fcfd6363198b3fa5bccb3b2e3c00870321c42fbeaa88c15d0f9dac4325bb3daf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d65eb1590b6a7ad76d4ca3fec69501bc

SHA1
b999cc5ae1c73ea81931338aa72cbba44c24b3f1

SHA256
b57e6987f0bb90c1c5ce96970f72ad301bc9911271d130f2fc64dc43af9f3087

SHA512
4cb3602241d07a250fc35c354bb57ea4d3ef9dd3004da5538b7af76c9590dc04f6868d4186033ed26a905d85632f24b5f2c11a8fdd6f331a9173fcf17bc3d907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
29583ec498a56f1f91728a72f15f6843

SHA1
0efadc9138c3604cb3745bc7824304303a2491be

SHA256
6cb9f9e2c893f9d35c513694896bd42e0903a1fbb7ab0e771b9ac4978ff373e8

SHA512
600f0970e685efd2e3694068392fbbe3f72bbf4c3436e09f8e4032764cf3e6a204a34e3eefd5f57629558e244fd6583629d17a0cb8318786c4451c4aa7d01aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c827c8f1b8821b1b2e74bc8a3555345f

SHA1
11a9e1075a7964cd30cc7cc80c62ef1cf257d9d5

SHA256
981fd1151fe8aa8174a5a2369edbf26f5667d91c88f395f4d35c817ec88aa4eb

SHA512
682316512af1f99472f93b0576f97b73946f1657c1f748c809b7a1f442b4e89f4fb0a06f15a93a04733ad1f84c554ee0887ba656bddd5e5902b7c0039810c912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8469d4794c4569204ca8af549b0c0c0

SHA1
d33a31fce1084b1d4a254ec3573d3acfcf4c1d6e

SHA256
3716a9d245ad9185cbc05dc231e96801a023e097313e204809d4474eea5e9774

SHA512
fa1db6846603e3e819ea50992cfebfd42c6d9e76452e759aae5ee12537f23ac6e7a150ca3d0a92765efe00b1017f2bb822037613741ea2d3593dfb87d2c79dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
15aa27958f261ad3835ab3e6e6e4f65f

SHA1
1c99b90fe2eef6d17f5577b1205bc8a19a03b108

SHA256
cfbacf77db3df61395daea9bbffa99f893208719760cc988af33585d5e83c965

SHA512
2d62b308b1f3a84b042d8c4ed4f4b5c8fc9072aeb9fb093b8df63297665003ff1084f997a0bdce39e28a36454786d17b5b38e5ca0742d851e2f94fd3b502fd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580ac9.TMP

Filesize
48B

MD5
9c270127e40a2fab978b2d7b608b528d

SHA1
db136a008dd721e4771aa9542bfe9b2d8066169b

SHA256
c158318288854c49464a462d8d3d965b01be1eac86cb3619d6546d77de772bed

SHA512
f76a149b4750dd98dacc5043f3fb9803c936b0ba25cbae38d33e8db5876971f2bfb4d9c7b614f8696982face170ef8935ea2628e26c08e74477278f6b0e5463b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58072f.TMP

Filesize
140B

MD5
979799a727b286ea8856a94f69f1b1da

SHA1
a1c1b86949b409b6136a326b00c5b375cad141e8

SHA256
429326add33d645ac714ac9ba373e5d643b9aa84de967769b889a00764b9788c

SHA512
58abea235a3fce7a0a95469a795cad23e8ba0e26d647e99797af457e0f4e4446caede0b5814e6261399974918881a513994603eecfdca27e76303f9b22f0f436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
7e25330639db9060f89ae4c5d6300559

SHA1
bdad1ac26a9efe9a15643ba6fba103f70647be9b

SHA256
684ac4010824c54d3fd3a04d1e689f1f069fe1c2efd9d5a55f8c7dcdc07e10a9

SHA512
8c22b34760a0518b88f282833f4de430fb84511380756fce76d8119582b47a70b0fa38b5bdb8f80594b077aa9dde0d486f4e3a9bfd6dc881b8b27c0839aa43fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
cd7d064a02df1899e6a900faf380ee44

SHA1
92c20f937d5136535f0711c639126c17e7df9e21

SHA256
b93d4de763c8288739be555395c72fee15d500d993d85267278b47f61d8e4187

SHA512
89a546c0ab51ebd4e57e2fd8ea4c1dd3372d49dc95153f62a5e0e90548f0aeaf93597dac2d4e62f8d26321fce4b2b07a6ea2dd9aecc04a41ad639a77bccff5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
310279c58094188c524275887cd9e521

SHA1
7b75dc7273d40745dfe1b3e4ecbad16206e988f7

SHA256
a32955870edefcd83c71e05d9beb241542edfe36e0ce82b4fd76e55804bfb92c

SHA512
9814952259196eb7d9fc06053c4fefa303d8c59de51414815dff3154cc6210e651bad4e642dc54631bbabce7ad7d7c0cf7c73688b08ccc048d821b5a0b9f1c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f9e7582dcd97ebdefde3bd643a6f2171

SHA1
500d31a915216a9c1f56b50fdffb744d97360b1d

SHA256
74b1704f6c4775337f7dcbf7591f744a50a5e8c0e45135bdbcff6184488583e9

SHA512
345a62e50eb20ca5559b7dcd274105e6a965a0f4b67c14666b6e9c0ebb239b17b8aca0f8e9089766bd8c7a29480833a9acc5fff87c24d46c98142b2bebbafb3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
df7688fc65cdc8e16e91ce2a90eaf9db

SHA1
6600a3b53c59278e91108c9d4bc4a17e74e5d6d4

SHA256
2644d6a709b57f982d86c6ed8705526378d283b7752416193681e18b12cba189

SHA512
75908d1d5a7abd6b7e895f059e737469cb8047be4123eb8bf6382478ce9a4694d846e68848cf496ab2ac5ae533594e9ce2e4234f80441bd88534c25e72722cac

Download Submit