hxxps://shrt[.]asia/XkRPf5Iv

Resubmissions

30/03/2025, 15:57

250330-tea7xs11ez 10

30/03/2025, 15:54

250330-tcfdvs11ct 10

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shrt.asia/XkRPf5Iv

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878238780758421"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
5192	chrome.exe
5192	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1960	2192	chrome.exe	86
PID 2192 wrote to memory of 1960	2192	chrome.exe	86
PID 2192 wrote to memory of 3052	2192	chrome.exe	87
PID 2192 wrote to memory of 3052	2192	chrome.exe	87
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1756	2192	chrome.exe	88
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90
PID 2192 wrote to memory of 1692	2192	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shrt.asia/XkRPf5Iv
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9c240dcf8,0x7ff9c240dd04,0x7ff9c240dd10
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1536,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2116,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4256 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5180,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5548,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3172,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5644,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3200 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4228 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5664,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5912,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5504,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6024,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6184,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6488,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5560,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5536,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6340,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6636,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5904,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5492,i,16433181419351366410,5633953496329970703,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5700

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a23feb3bb790dec3cebe1dabe45e4a1d

SHA1
34742e47e0ff22c055fdd319f2556886c5432d06

SHA256
b818a1398a602239276b56d16bd1f52997cda6fdb982a4c9a93c4c8592023e02

SHA512
17df43a348549112d3d27784b7ae82c3547487859a67b3489f4a2e6b39926e51a3fa96b246f1b44510776e2a01f9c6a421ee7879c048bb17f83638c21333b6b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f08764572376034c8803a76a02437912

SHA1
e565f351f78d5c5491c12b6be48e7dbb1f28476a

SHA256
f9a2df948e37e61effd493b1b35ed390442449e612453a65a874ce83e9b61b16

SHA512
f6e5c6d547b307436967c60d1d993bbfe823bd7774ad5551fa375fb56096d167daab6804434b0795ed90636149656d7ae7671bafbb89899d823ed618da3cf26f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b0f7bbe0d14017222e4bea7c46e1ff2a

SHA1
dc1b9c86a044f5678940842be61a44e723d7f391

SHA256
6df035ef31a7d7c2c7bf07ced63602fceec1c8b74e9ffe52b516ade2f0872e0d

SHA512
90870f38c354e294144bdd8f7a1fda469b77c91c2966182355a9502ffe0a8518d3495cdb85a0d1d2db228a2990df85dc87bdfe0ed74a33175d8115127e20c879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
b38e0ff4676983e9922114427a4753d4

SHA1
223ffdf504088f68fc453c7fd53ff31c8b2a60f3

SHA256
300e61294aed68fb1214aa89aad7838164d57f3d2f87f3fcaa41f13f7e4ea706

SHA512
aa9c99a9c3d69ed35b58f5f2061d8a7f7796f2930b259ce3e3ecef908e004a039197fb845912dea641d3ea7c9c03b575e684adb52305c06db0d142e1dbbf208d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
59df7f75fc69d0d9609c92a591b8957c

SHA1
de6480448a3fc6751b92150d1987eaf4263ab1d7

SHA256
945a5e37eb7eddc6ec7cdb3d5fee1dc8aa7afd71ecf0545f210d9463b8c76d4f

SHA512
1fcb0612fac6c49b86888f804c167a5897d1da94f81dc2314031ec69f3bb4c615031cbf461859e2a98775ba935bf7ec84e76ee3d84f8c73e8523bd079b1b556d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ce49967622856e2c71ffe100df6ad33

SHA1
ef09ad9f44f751204fbce47802db845b41452d3f

SHA256
ebfdc41734ed409929b507df6727fe0657f66080ef7fad4830994a391761e166

SHA512
50565ba16077e23c6ffb7735ff83d4cf435c13516d89b97026255cf4ad3ef6010a861a4d1017875c6fc261878d22ff8458ecb4d315658edf94a3b2cde824eb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
8a39cac950c90011b20c3ea0e0412e1a

SHA1
452c150d2432dcc5ff0ec9c597aaf39cc286e352

SHA256
5fcb36bb47d235c9c3d2ab99afc909b70551851d886bbf5d705bd774d11f3608

SHA512
0dcd80b84c6b3d9841ed1473a584a46d6f23d2cae2852b6e5dce25f823f99abc5f12f27fa3f8b87ff58c717202ba829de1568be13ba950ffbb2483bc4dedbac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
af95687ff0c4f34eca390e8d98a2c0fc

SHA1
0779a19229ea7e3914fb198536a6592748fd544e

SHA256
0b8c97569eeade78abdad41d89af4752c9af407c08aee5a45d6837a4c2dc142f

SHA512
2026b16c86e585cabd956f955582cebac365f83fc15476431d2f62bbd86bc8caa38136386dd81d6a5cff2297bf6cbca00b3f8a8ab621e198e90c169e52f4a90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
646ccbbd738167e0c790b2856a6af661

SHA1
42ce7202143b013d2e2da64bd18c35441786ccc9

SHA256
faf85477db246eedfc800efcee565d69b87f066aee09d7877ba86d629c2b017d

SHA512
fb8fb0064d5e1cc8302ff5f9699d3ac3409154bde522eadf21a905984886c225af08853fede143030cfdfd1cbdcab0df98d13271fa4a05f52b78ce5db1bae49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c57c343f54f8a153cf8e1273ec981c61

SHA1
4b0040c013e5356bd50eab72ed48f25e97b6d03f

SHA256
a059f388b08ac82f5704a9915f4842504f6c3686b266b314132dbddd79077b2c

SHA512
aa4468c95d0528f351fa3d5198c6655a1d49647b02d3403012f786102c6d65b8b266a21ec097f178a6b827240ceefe5fd81896f6ef32a85c80577d740adaf2a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
425c2fffa2f7da637188c4d2eee9fc70

SHA1
c58a721de1c3bec40f0edcb0264b2d636f39db40

SHA256
ed6dd3c6913d8cfa394ed243b9086b5ac080c5d0846634067644539424bc5744

SHA512
4a08f22244c217df5290d7bf9a802b9c5411a6d75d39ad6c936bc12ce4ee23160d9cb7202f7246059be670d18edbf95fa92497eee4bfef1dde1b9c3de75f231b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
479bdb9e053135eba15da92973663bc8

SHA1
04445d497687d5f8af0490206114184230bebcd9

SHA256
260e6af3ae7ea680290e6459f4535b9e5e046330c8b7b739730a45b014f5ba47

SHA512
399cd2bef7fae6f9534462d0f5a0a254c85ecaa373633ec0aecedf5a0305a1582544961102be698ec97c59d998786b1114b69b199570305d38c944db3370d8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
49ebd3bf9607fa6ab815486dcb294076

SHA1
67c4fe335952ac262d123b72fb7e8be271ea92e4

SHA256
d79684439a6839eb4cd5e31d564cf927105a75e08f931b404d486f18a1de5643

SHA512
742d09e9b26483c3be6326c26f42cf84cf0ee0171c989c2ff63da55f0c7ff4ae88366fa2146016696521cfd4845b47f8221d84835c28291f6ea1c88ee620b5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a047.TMP

Filesize
48B

MD5
c5a20bcba9bed84c13ca32764a5f8a62

SHA1
c1f0949351f5d4d59fa06cae72625309d2a1a6bc

SHA256
c1d54e7d8f276669e3c74bfcb3390734169dd7d5bf84ede98f6fa2e355f6e29a

SHA512
e3470057385fd7b59e14fbdd33c2781f70ed5d54774f50fa1861a6325761acd20c959cd75d3b03f3b778c6da6ba7fbad135cdc4392245f631ef699b791411090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
02d0401e4f953785d32f9e5df5e9505c

SHA1
8629e974952aa923ebf7bc7e1d9bfa7eb6fe6de1

SHA256
35ea520cb39a9d282192fd134656b75f8a0a861c40128c7f704d3b86b865b8bb

SHA512
5faba89236234cf3c3e0eab5ba411bcffc4619c3b879efa87f856052bc6c27e7025d735b90d8e7eb6d89559c9190bd5c4ce2ce7c76166217ca5375301c7739c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f233e92b4162ebbe005306062d2a1e96

SHA1
7efcea5e2bc641cdfb137d20cec2591c0fbc7830

SHA256
532e5cdc4439c71443fb494e537d0be9f1929db15f93c0d1712b5a02ab5072c9

SHA512
9353197ba97e1fda4050d4dce18ff161ee3868df23aa04182e1424a78282752c1f9178e0676f2c6467029d9ec6c14f88d075b6f27242cc0868b1a5239676bb2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9c4d326a748de2a0e08e8a771a506531

SHA1
51f8c9a9ab2c73511160293680af39fb42ad82ef

SHA256
f7d6e5dee63232e0ee4c7f09015a71030eee0dc28a00cb5ba0cf3768469ce50c

SHA512
1b23347ea9c22f665e6c711d39e4da96f0823b728525c1ccebc6771a47db16c6e13dd15731c9fc7bf9071318322d8f132e754de237addf96915409e8e4ac6d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c4c958aa57861728a455e64e7957279e

SHA1
251d57564fd0d521a312aa96b6f998c9df0c34cc

SHA256
d712c396de639c6eea82d6c74f40ad74ef206e772597e9e80df8fa72122fa065

SHA512
108d38d46bd99fa866562b0668dbe72d10728e248efb4fd2ad141e0d927f7517290b10570b734d7d6fa45a56b3973c7db36a95c36c2060c12cf25ef7c945e6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e90e30230fbdbd46427df1cd572588c8

SHA1
cdae6bfb427d55098ebc662dca57f2c10fe56185

SHA256
8d7712eb3f82e371f697acbb3142c119aee70ffef3b028650d8d74e254bb6d87

SHA512
67055f470f355d5c9973c8eda8a6cf0a48151ebeb31b51f09dc05e8454d29b25ff864bd4ac6674708c70177883c4f79dd9369e82159369013838d821880c4dd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit