hxxp://google[.]com

Resubmissions

02/04/2025, 19:27

250402-x56cjavmy3 3

02/04/2025, 19:14

02/04/2025, 19:09

02/04/2025, 19:03

02/04/2025, 19:00

Analysis

max time kernel
716s
max time network
709s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2025, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880948687755445"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5952	chrome.exe
5952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5280 wrote to memory of 5028	5280	chrome.exe	89
PID 5280 wrote to memory of 5028	5280	chrome.exe	89
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3556	5280	chrome.exe	91
PID 5280 wrote to memory of 3556	5280	chrome.exe	91
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 3972	5280	chrome.exe	90
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2184	5280	chrome.exe	93
PID 5280 wrote to memory of 2184	5280	chrome.exe	93
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 5500	5280	chrome.exe	95
PID 5280 wrote to memory of 5500	5280	chrome.exe	95
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92
PID 5280 wrote to memory of 2340	5280	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4b94dcf8,0x7ffd4b94dd04,0x7ffd4b94dd10
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2120,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2908,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2928 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2916,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4184,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4204 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4680,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5144,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5464,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3028,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5776,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4708,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5436,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5992,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5956,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6008,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4812,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5808,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6128,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=208 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5684,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=984,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,3921835639874838407,10613599347871165582,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:5936

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\27211630-ce4d-4962-b610-6a3cd5f2b070.tmp

Filesize
15KB

MD5
4950b7d71a8a94898b5a39c690366bf5

SHA1
6f6e63bf10125ccbeea8f3ecf623f67e2633f0d5

SHA256
22f1e1f60ef994093f1339eda09076a46c2da63643cd8d137ee8de02cb356007

SHA512
ffc289c99a3436f4a89b6ccd5bb068580c52c1cc6387d2864075e8cf48c69911f05bf7731975e1d2f4787b175255af7119e2a0e7f169da0ee98aec8577b79211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5f8e0c09b174880b491a70a6cf345013

SHA1
8ad3fba016d70cdfc710ed8d3d5c9c90ada5bdf9

SHA256
3c5f40caa9c870844c0eb74628ea4d1ce4c3ad97c6e773b7fb3e016c56b27048

SHA512
f21c49e46a6c381835615d5bd8e8cb566503dd230e8b7a7a0baecb55ba12b85f7b87e98f276284ba0bb3ac1da0e05449455ae8521ebda16a9edd1b007fc83988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb8aed22ab39e906af3c94cd5b5d1895

SHA1
979bceecbfc64445ff18a4b89189643384627eb8

SHA256
295bd6e06bbbd8189f97fc13550525d6e7d9c54e9f2694305df6026f009fa21b

SHA512
6baf41e42d470643d091741b7da1bc75b24701bc26148c0d79eac94b1d07bef3734b3f3115b8f7b14eaec4c721c314064db82ddad4132fe0f7ebe2bd89b5e6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aad9d66b4b372ebeeeb0ab7f125fce06

SHA1
574b2d1c2628c81e97b2235033d1ab321fbf6e56

SHA256
864768cbc4fbf3e527f1063478755919d7e543ec371a429dbf315cdc5551d58f

SHA512
63bd86e32011ef65b14a20da6b336db8f89ede9a3194947f06caba185d56ff1e4871216405e757c8df5693509fcdfc1a3d88feab7abdc4263b7f13c280afe63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
4450e3a668d76deb40e2b0d5eb518c18

SHA1
113170958c4be9e98829c711cf571a7a0cacb957

SHA256
9e43430d9535d87b8a85ae1488dae4842446d76b641e92b41bf4d5d9eee1e871

SHA512
b2e0b7db2a95038a542ca00cc3bc6dd598c3e48fb1e9c0ecf4efe5f580de92ff4b5e19448f2a04e9f827dedc165fe01a6220bb4371d002eb60780d03ca5050ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
9b04e6f7073fe31511b4d64ba3c17b60

SHA1
e0e6853bca535657e4d9ef88bd138c90c2c9438a

SHA256
320990e9b3b2498b18d9e3a47db84f1816d6ac39779d37c602e42f6e998b2268

SHA512
a0bf7b6de44092ea2e80571d0e0cb4d8aead89af20e969030b713d469e21b6c4034e2bdd24259d5ceef6eccf2f2ea576eb4f1df4cca98e19c639c1283f4a9fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c63df473c002b0a0985422138e1616e1

SHA1
547d79e56b1ae1f7f89690363e10b713b9cdc02b

SHA256
5b9c5f2b9c77e0a0c2624b39651c1b115cf1b1d01770f4af6595b5c99a942ef1

SHA512
1b1165e9cf596087e148c9cd2a656575dbb8c7efdab18596228c379cc60c4c71c83ac761475d3f9d9bd8f90713a4ce47e43125a34cd15faeeb2d8965c2847c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
19aeb16060188335904e02d766450d18

SHA1
0bd605653734b5bf2ec41a5634fe0850020084cf

SHA256
dbde012d900554ec6c1ea54f0b066e23ecbcf69dd9da822405d8b3be2a2c2dda

SHA512
ed89519a57d54775a01d522d246f19a84988a7baf80ea6aba41d50db612766dcd0df3c23dd6f114141677832d5c712740ff69797434e69a380fa71e19984af72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c45f69d7645be061e76914a8579bdb36

SHA1
3d7e14fcfe8882b9e8e49a5f08c7fe308805a26f

SHA256
bbe1e8bf023cc3ad448ca23481a953f36582ed596dc82574764e4a8769702904

SHA512
926cce512ffd4ebe7013c0f0afaecb28676c1dc493d0296a234286da451adaf69b2e50a41617ab6b8e45aee27ddd2679240cccc94067a4ccceb143e0bc3297f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1e853aaeca649eca191e0c764c938790

SHA1
aa2bbbcd3c606778b327873cb6c67287df97868d

SHA256
caafca2da00e1cac4e6fcc22b55c8da6565a925883401989498f8d0f4753e722

SHA512
cd3723a2c66f51b4d9a3d5afd1167f5fccf20ee27eebb6a305c3acf261949bfc4d3bf2aead0f05303468965ec76c4bfe1b95cc85eda68817425affa0ddcba2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
45d7517ef0edceda622a8ddb2e401ba6

SHA1
47383e30dc226b73bca4a94de6035ed0402e91b5

SHA256
45d6cd7d180f34ae132d32b6476a521811688e5ec1fd5a034a93dc55dfc119e9

SHA512
b001e51b3206ed5a5b8bc206b3c52ecaa7f21130954c933620517d1230074439956287a2bbca71ea25e6b0be37102742d1620df06e84c167f49117046e8590a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5a39827407e4b293ee28f003c291ceb7

SHA1
b6a2ffba3e11a77a0b357dc79cecd3003198d853

SHA256
1fb8598ae1c6767f9db57fc7a3651eaa41613a119c85cb8940fa95774bbd7576

SHA512
bf473ce6d837bff8561219a62ccd380da991f72bc82fb56ce97cd207c51bdc89f02520aa76381deea4e2461406d2ec9e0d1d1e9401f064e6ce85aa739d3c946b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
48262867225937c2acdf59e88df76b6f

SHA1
bc4b0fdc85eddc02f1102bc54245d32b209923d9

SHA256
03416e7ccb1bd5b688e51e262b9163c4d53b8c4db3bbf7bc1286eee04ec9c2da

SHA512
43dc400ea2ab32f0ce76657a585058e4d82d992a3b18d56163a48404ccf1c5cd69406bea8c5d7d8a8d306d7bd4b5b92f34a12b095eba1c5bc6911b7904b1bfdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2ccae64415c00918c631bbc3cad7e22c

SHA1
27177caa151419c2241de3c9017223a695bb1fc1

SHA256
d9ed7718a9d163cc14e3d99d464117da6d44f75e5d07077eb8bb6822782e8d8f

SHA512
78911b4db476ae3a6dace7a1c49dd4482f31a0f4753348ca83ec858ec8e1d72daf76fe34aa31980637d863adada0f019f75f72b69bf73178f3c36540fc1baea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d461856dbea94fa05506aebcd7af76f3

SHA1
b9ff6981fe61047398e7187f7cf9730fcff8ae24

SHA256
7ce6956db3d2cd8ee754e1b3115fa635fc54a606beba4861b5ce9c1e14678ba7

SHA512
e87b44bedc96433342b9c28b2baa8c4f36968b7ecf597e5fd7c9dcaa5671fc1ff80324da84ebdb878e08e53c56221ba3170dc5a5fec3e7e06acae73d3685f773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c92c.TMP

Filesize
48B

MD5
3e26af1ae831bc09b5fe130599d671d8

SHA1
44258c60ee551ea867dfcbf495cf0a67452a4ff7

SHA256
01d4aebba0520722a4fbb1ec744c4571c8e210d6ca4c61e6923efd19eea079e1

SHA512
0d7276a0ffde6ebb4b4a90454346360efc5ca39fa73e89ded0beb1272720cd764653a6e3d2ba865543efe8fd354b66bf662275aae258987f24bced0a55579528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57b594.TMP

Filesize
140B

MD5
8be106afc44bd529a52c5e6c5a424c07

SHA1
c367108828382380bd21d8f6ee8fd53fb4090cf7

SHA256
12a372434a2dd3abc0be4e07e21b6cda09a6f1cf01a04d5979764c65fcbd051f

SHA512
a240978f68f0ac140c7866389dff86e3e0356e95ef595bb6c1cb556377d2aed956c15fd1053521862d1da8c43041c93011aac30a4c8a7c7555633b847d085eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e67474dd3cf4fa9f88a4ac42d588d4f3

SHA1
9516d7f796b03c9430331ab4268001709f969d53

SHA256
a4d51d75dff4584c43f96e190929ff5351d9eb34ec18ca3a5f8d012508813250

SHA512
ad00194f26d8de30af1af38f401e02971e10752e8f5f5f11425be8b41d6b67493f41fd6a90c2707f049a26a8821a8eacb7d1eff4595a33cba2350bfc588b1490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
6efdc5c6a4ef679b5f24da3dcdb22830

SHA1
f14d1a75bccd23db6988f32bc58617daa3030b38

SHA256
aa1875728f8340adc2cceeb3c6c526e2993138d1edab924574e21696090cc75b

SHA512
8ce9a3cc6ca38b42ec52d164cdd0b420b5c84335ff04f4bedb3949f59496891c20b499663e23cc797d709738d32123d844867cd132a935d0be9dac2bb2030bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
8503431c464d2f742304405ae7f47eb2

SHA1
79eb833d654714b975ee9f0a6193e374d886e0ce

SHA256
cce433dfc99bc8f8166b474f9ccbdb016ea625eb21a3a86d18754b2c5b20223c

SHA512
82ef65fd68c4d3e5f4f29a7005bfe88fbc9579b028a942b9700e4087d73c8248a55bbd7908fc048baad8824dd0f6aa5b786279cd6916f989f2d2028e76016c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
adcda7f838ff32e69eac3c66f90752eb

SHA1
20ec1b7d3c7252c413a79b347bc6f6c96fed8843

SHA256
c34521bf107362c40bc5bf4e53e5d9ebf8b9cbf57aa91370da7a54ae6a8c76e3

SHA512
d368dc985c46290bd12a71e22945a5ab6f3b9814f1caf25481dd94256fbac594dc021c6b00bb44397a43374c0517dcccbb58296c2837627c4696646f3de604ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c73b8b75505ff00a139456841772c9e4

SHA1
1e3799ae59d8b9ef0d9a123a4e75248b2c528244

SHA256
91523cba0441499d1d0bb743362f07041465e5c99adf292707d6a85be7d550b4

SHA512
683a0583b979cd2d20b885c388e7df3e9651f5813031d2ee1ac1f299f9d5f8c46d21bf0ce196eb40080b24a149ca7f9afe50e84f96436bf098d73b5447c52ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit