c18e046caa74cde4eafb00a085ca3fc71cca1fa64dadce301f2a4c5e850a7006

Analysis

max time kernel
629s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release.zip
Size

320KB
MD5

74e89e8a5c550e8a59ad4d25c30cf6f3
SHA1

4c16a8972a7bb6f2047617f9ae2018e85aa43707
SHA256

c18e046caa74cde4eafb00a085ca3fc71cca1fa64dadce301f2a4c5e850a7006
SHA512

2f932b97be913f9c39b07abbe224d0754c61e2cba1858a091928943480b00481af662fadb82dd394c27665fd025388bf0c826e116ca2ce5b1dd400bb7bbff87f
SSDEEP

6144:h0OgsIiaJeGH8P9sFUD0Mc2DNFGyZSDwinas2E7MZZl/rPn5wuG4+65jMH4B:prokGAR4iHCtaa4vrT7fN

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
132	camo.githubusercontent.com
135	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879084809304085"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 952	4948	chrome.exe	93
PID 4948 wrote to memory of 952	4948	chrome.exe	93
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 5052	4948	chrome.exe	94
PID 4948 wrote to memory of 4876	4948	chrome.exe	95
PID 4948 wrote to memory of 4876	4948	chrome.exe	95
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96
PID 4948 wrote to memory of 4372	4948	chrome.exe	96

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Release.zip
1⤵
PID:3680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffebbeedcf8,0x7ffebbeedd04,0x7ffebbeedd10
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2004,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1600,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4360 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4728,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5356,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5368,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5724,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5760,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5848,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3304,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3328,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5908,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5932 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5012,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4664,i,12675767868029628383,9579094260650526103,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:640

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0f60c7f20b2dbdcef474e953416c48cc

SHA1
8613a2a7b7f0974732670e5c489285449289dd6c

SHA256
39296bcf0bb855cbfdd1ba466ed46bcdc9f94269c1cdf1518ada8621262f09f9

SHA512
36882fcfae13c576a366e9b67c7614f0c0ba7bd1c61bfd976b722368536be2dc8f6e76f6bb882436279e0b1c30a8d9c808c09003a3b4bf0c83885b9ad45b1f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
64226d7ad2e5f0fb36f0976f1c4105e3

SHA1
08070a79a233ff91d2f3842623edaef8fc2b91fa

SHA256
f33ba9cfa6c3dcf6dedaf3135e8eb3904721e10f4867dcde71289000210b1f62

SHA512
dde272000dacb5807aa65bbff59aa8d7efa5bdb7abf0cdc3e4f8188b8e99d0d66a3c310a306c72e98bb68ab457db1b674290f624fae0c48e95fd143d06043f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a4bbbf5dcafa2a43f9f5156d035f2875

SHA1
f0f46f2b0f664769796486b67662a4ce39702b1d

SHA256
278bdea25ab57a77363ca1c64ccb9cc6186de74991ffc11f93ca2cd73bfc45c8

SHA512
5977a95934ffeb02438d9eb7af7567b65c2f40bd04c935b2465c6e9fd2443c6306f8f318875629c15a42e44c6d7be8445e7a03454dc10bdecd0483a70a930050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1c2937013927eb9a1d074d1d5a5dcfe

SHA1
5b482354a7020b09b5ef8d278d3079523f4e0bbf

SHA256
87e595511ff300577a6b97f9abd85f6cc147dec4c103b89c4a01c160ba6b6c5d

SHA512
4eb7daf34d8a954b0c7f195765e2245842a8e8e3d30f4936539950b385b6c9c57d3744b5e2d264060e47cec049aaffc2b6564703ec05fdee19d2b2d2be7b3430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e1e3ff644c2951d4a6b035df1f945d9c

SHA1
ee7c247209d8a90ff3b94e4aa6d6b52175981548

SHA256
c8f38de0376acbc41b4ab77fac271663cde0666b23002c2a8baa7985ac183b02

SHA512
b8b4831621db36f78c5d081ad51ebd1b67876781350e00debe2d3a876813dfafceb7eafa61b060f6fdf883961b20a825b20cf48936732515551d8ebfd18aaf03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd94231e3a349c316c161a9784b3b4c1

SHA1
0e94086ab929f68838a3fd0f0b341d3cf0ba38f5

SHA256
9eb4d86ade011eace503d77ab581d6b83bfa574ff2993f1e6fca02ba13d8c433

SHA512
24577a0e8e7a71196c6fff601cea64cb3a057eae0c8b1d47e840f82e88adae6c3c0349f3dd484a50c670138a168a6f981f29a14be22a7234b19210b6b0e99176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
661d0921a57e32310f2bb7fcd53b23bf

SHA1
67c2c14d32dd48d4cc00661fd399b788c9030de7

SHA256
b555150efffc8133ee3df82356d39d2d09469cee56d230a18495b5fbdc32b708

SHA512
12ce2a3272c3d76433adb823af77c308ad0311594d041271c27d3de13a47aa9d63958a331b7a71b6ca7af0035832446aa9006c608672a49c6c06d5564949de11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ecae039ea86632292b6e8a0493d43566

SHA1
91f3e27be0001c46050183ce6db3153c53c5ed94

SHA256
a4dfa8d1c8c52c21902e5d363030a36eaa8d2f116a396d4062546e4a154193fc

SHA512
e193e21d459799b708797cda0bd4a07050b33ed6a17b7791336c17a12ccead94682706a8c11c66b7b8c2bcc069ae45eb4f0ed217abb83e62056d9d5060469f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
123c9bb1b43154e54b140d19ccff4e01

SHA1
ca3ff8c8e48c611247dd668b33c20ec74ba86d3b

SHA256
278b1e110ea264529c2186dc259767f4a7fbdfc70aa04c332d6dcb99da2cc838

SHA512
73c394e3de46234793d54ab354f0d933d03c98d5252049aeaa4f30faf4084fd42a5ca6dae28c5369c93ad54c47f40cd3e6710fac08e6fc4333bb09eaa5a3e839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
767a411ddeb2ddff517e04a3d891701b

SHA1
06f55e83d5b6738ea3e2de44097d9344aed0f293

SHA256
960d1e59f11aac7dcadc4a9c525c93e9f9a2a84861bfb1a5f8edf531d045b653

SHA512
92b18a11d16bb4a9b6c6ccc9951b3f3357e46619a29943a7d9d4a941c53dddab7f71c1331bea9c494cd5b9e393b56f4d17f0c92ffd6aad6468dd35d558bda144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
b5baef1e0d9269872b57db8165a2fd85

SHA1
c2f62ad8b44758fa1325991158e217becfda0cca

SHA256
064047da3141fd3bb48d9144a9a0f9a70b82eb9002bb07ac740039766c17f72f

SHA512
ad92a53d909fd160e627cf8ba630678c173ece492216bff41c708536bb33f2ce88c2c3f0ccce789cdce51f6cb2e8d80873c86792c72d1c4619e17b12d97d4f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
72efb76e0b5e5f99724bda6ef811858c

SHA1
7e5ff8874fd0d6e5a0c434acd5450e3dd0ada6cb

SHA256
b100f618183b47840d0663623a98fb0a7433f9199b9521c0bca9b3c99199817f

SHA512
f7757b205833273dd0d454d94b2527c726b3002a6b2f03c9c85fc97321afca84b736594343aa2efb34b2646612c92377cf5c18c509d76789a254a17a4b243ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
30a23764bd035aab251fce7c9834a940

SHA1
f1753e9338c0549bc76e279dccfe5e2f7ad45eea

SHA256
a46189f5a109495ebf29e3763d9f3494ee32450c473d31905f993e3ad8fee357

SHA512
d6483626c0a1c69df11c747fac6f5cca3921dcdd7cb2fe93908a345732463f58e002400f8db3f537792a61a95aa301a0ab6b29bfd499c64443660a4b51aaa5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9f94ac543921ef5a6d15cedf46c4f5ca

SHA1
182ffb55be8bc2897a7efeceb017976ddc1887e2

SHA256
154cc34dede639777fcaaa33fa2862448e04621696845d64ec7141b447a56a57

SHA512
a3870e6546e902bd55ff341cf81815ee27ddec56c74038000c15db6421c70d7a3105ffb32dcce5594b9ae81cf5639ee175d12007bb070cd7df48fc9deea8a071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c6bb.TMP

Filesize
48B

MD5
ec33f76400076c200c2d34c71fc4b4ae

SHA1
fc26a3ad71d0896f955983eda481c279c49df860

SHA256
a25517d6e713d9875d1bd0f0bd621b8bd6289be0c9bcfdc5b41e2329a82dc9a6

SHA512
efc029a53266071bcd853abd4143ef45ab6e873ca3ecae381fceb14d829d77d0599abfbe2eab90874e722861877a92ec063edf589eeca3f58d479e9f3ddfd663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
2638261d8942a4ddbc21e430c586b6a3

SHA1
061987f5033850ceeb4d4e87f940e05cde934085

SHA256
61cd4e7bb578ffbcb9f3485fadc350f3de86ca2000cbc415738a71d4ea7d4bc1

SHA512
cde9f25b37b285b7a0d699b4f1507affb8c25cb2b1b1b6db609b2f087e768a2e47a85a6c69fe4df1dca0af9bbd7c1da86f0d78f798ce6fef5112838752724f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
7cf0bfc81081ab063deaf8b2fa86706e

SHA1
101a2db59546f842b0d79c872ad01e004f3b559b

SHA256
08da54f6ce716e88b03c0d8e7eb0c3b6354f947776bd09c6760aa4080942be12

SHA512
88011136e3ef546574fe2fac7c4a1862e57ee9706fcdf3a8346e88b88cbe9ec59c359bddc7037e95eeb957b9bc359777311c9c31a3fb5414ec0e387a980ed755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d72a3d1a7d7ecddc739e0e3b584d9054

SHA1
1caf09f1457a1561ba41322931d74ba3ee16d6c9

SHA256
fb9ff5854e7b36bebafd022f16388fcc9ffa891ca24b42bc636338802a32004e

SHA512
e057ac75a9edf483b058601d3cfb3ea8dbdfd10517acaff43ba7b857e5e084806419e7bf867dd083f764dce997e8bbeba1a59994a99582a61c162b3c28facb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
b7fa2239d8f666535aefb4aafe558eba

SHA1
5e30e3d46298dd88c5e20d1e6c17c5726fa62d07

SHA256
624c22f1675807f9e541615f1d8ecf9b089cc282b72c75ef2aec1a4f7917b248

SHA512
16f0d8a777d295baa5d27d2df9371274fcea89e8fa3b082132180a9c65d068e2f4d26bf88e053c8182496f716a7ae6b325d81e488ecf0a7c3e1763277cb8b8c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4948_1531067960\94bb60e7-7d34-4b21-93c1-918c34383cfd.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit