hxxps://dxw5nj04[.]na2[.]hubspotlinks[.]com/Ctc/GJ+113/dxw5nj04/VWWByd7bKhpMW3Mq6q34vYJ8RW4YmM-15vczZHN5yXtlq3m2ndW8wLKSR6lZ3lLW54VN0P4TV2tVW3MWmqD77xGzfW8YfWZN7sLFGpN8Sns9dVPDS2W7lN6mm4r5nn3W2w9Xk_4mJGpnW7-VYxQ4TD7_5W9db86T3n5LF6W7F5dD092K5MPW74yGf25D508gW4xf1kh5rl7xCW5t7DJx6zMjqMW8gDrjN5Rn8S_W6PQVZl8N6m-TW2HsL1v2FX6ssW1p5qCT2mb3vXW2KJbnM7PD43GW6--tRL8GnY1-W6f4TfM2vJbF1VmcWrH33bJRYW1gHJL81n16KDW64qcLd1g5q9FW4j5zNp4F3-_qW4wK9tW92f2h-N1jrg8s15gqSW8Q_3c43mpq6nW2RHYwL8Qsy-mW30-3hf5kS8b-f3WW4fl04

Analysis

max time kernel
218s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dxw5nj04.na2.hubspotlinks.com/Ctc/GJ+113/dxw5nj04/VWWByd7bKhpMW3Mq6q34vYJ8RW4YmM-15vczZHN5yXtlq3m2ndW8wLKSR6lZ3lLW54VN0P4TV2tVW3MWmqD77xGzfW8YfWZN7sLFGpN8Sns9dVPDS2W7lN6mm4r5nn3W2w9Xk_4mJGpnW7-VYxQ4TD7_5W9db86T3n5LF6W7F5dD092K5MPW74yGf25D508gW4xf1kh5rl7xCW5t7DJx6zMjqMW8gDrjN5Rn8S_W6PQVZl8N6m-TW2HsL1v2FX6ssW1p5qCT2mb3vXW2KJbnM7PD43GW6--tRL8GnY1-W6f4TfM2vJbF1VmcWrH33bJRYW1gHJL81n16KDW64qcLd1g5q9FW4j5zNp4F3-_qW4wK9tW92f2h-N1jrg8s15gqSW8Q_3c43mpq6nW2RHYwL8Qsy-mW30-3hf5kS8b-f3WW4fl04

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
174	2980	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133887817669002613"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
6088	chrome.exe
6088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 3584	5084	chrome.exe	85
PID 5084 wrote to memory of 3584	5084	chrome.exe	85
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 6052	5084	chrome.exe	86
PID 5084 wrote to memory of 2980	5084	chrome.exe	87
PID 5084 wrote to memory of 2980	5084	chrome.exe	87
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88
PID 5084 wrote to memory of 2524	5084	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dxw5nj04.na2.hubspotlinks.com/Ctc/GJ+113/dxw5nj04/VWWByd7bKhpMW3Mq6q34vYJ8RW4YmM-15vczZHN5yXtlq3m2ndW8wLKSR6lZ3lLW54VN0P4TV2tVW3MWmqD77xGzfW8YfWZN7sLFGpN8Sns9dVPDS2W7lN6mm4r5nn3W2w9Xk_4mJGpnW7-VYxQ4TD7_5W9db86T3n5LF6W7F5dD092K5MPW74yGf25D508gW4xf1kh5rl7xCW5t7DJx6zMjqMW8gDrjN5Rn8S_W6PQVZl8N6m-TW2HsL1v2FX6ssW1p5qCT2mb3vXW2KJbnM7PD43GW6--tRL8GnY1-W6f4TfM2vJbF1VmcWrH33bJRYW1gHJL81n16KDW64qcLd1g5q9FW4j5zNp4F3-_qW4wK9tW92f2h-N1jrg8s15gqSW8Q_3c43mpq6nW2RHYwL8Qsy-mW30-3hf5kS8b-f3WW4fl04
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff86712dcf8,0x7ff86712dd04,0x7ff86712dd10
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1600,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4248,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3912,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3688,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5240,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5124,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4340,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4852,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4904,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1036,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3040,i,1475685892468610359,6940868170177136176,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:1600

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3320

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5587f0c0b42e424a005f71d2e4810b62

SHA1
3b08035bfd73aaaaa15810a2e0116f97da59e3a0

SHA256
04daf3e2dfbe31a209562cadfcdd3ac15804fe36e72784d005bedb1d65351508

SHA512
ea620cfa56cc8fcc3fb6c9c67ff7d2345a969c7a384fe94344d8bb419bbf2bf762a9a0e2e97ddee36ceeffd843712320e4ec5c52cb728b8e730d5be3e8e8aa69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9472f1b230e90e26c9a8015c00965e3d

SHA1
46f6dda8db0b3f0819a2ce1bfbe82eb4b01be169

SHA256
2f7956b61422bc244d90c647197c06320bcf2766f2eba2839486a2b7e94ed6e9

SHA512
b49a61382e1dfb98fe45a07bf911b69137c655601cbd5f6068973a17a1eb6f3f435c444e04ff7990066a5692c3dfc7660e52f570a521db60a1543d3c8ee846ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
45ac3b316abf1e2039479ccf1cd4d6f9

SHA1
4a909c6c558a080c02fd3f117681ee8233a01844

SHA256
fd389d1bd93ca201249bdb08fcf45b3b5a8d57ba8752517295bbaa5aed1fd417

SHA512
97d1135f567c42c262adbf08411102cf40d2cc44c58f4d955bfee98e6471930694aa234af055169d478f9f69dcbf1349523150703d1c50f134c6763d5a105c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
158846bad07a7a968ec77ede9662188c

SHA1
0efde84ce8457f4feaf18be09699a127947e14d9

SHA256
0e6b05aeb1e9cd9118af2f8b975d37d4a461f4386db7b5f812902120477fb660

SHA512
931d5c999323abdf634d1309a8aba5805bb7a7ff23b5715d4df811baa07e10144023b33ea4b64f0e45331727b50106cf6a947c150d9a67917d372668fca9243c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f5b5335fab365be0c1b1a5cc33d3b21a

SHA1
c2817b0565ee8d552f9ba507a915e5fdced72bc4

SHA256
3f9358b0187f4920cc10d9f4e511324c72a51fb12c93294e93f43c9831819d9a

SHA512
b205a7a904ed5fa39b11e35608487147605bb1d0c35bef6f5d35756d599180980025f7208a79b216f913709a48a89e49f8d18aaac8a7dd827f79d7a2430b07f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
09371df5cd7f979d6a31a990cdf5ade8

SHA1
ba1d01807159b2dc18089d1696bb8e9781dff392

SHA256
98aac6db6d0f6906645855d8e8007a928ea63ce79c4e9ae686e23cd9f57dac3c

SHA512
3673d1b1b3da547762072780484148cd0b62f27c2635bea6bdaab1fa92807c496119d488cdabedb8e2d6e91eca5fc366ef597535fb2ef7894fab68066430ae96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
20b496b9566783d65a9aeaf84b261d9b

SHA1
f6a2502da690756356578b63910d971e155d59b1

SHA256
b679975a9a8eeda6753bf67c89fefff35b340afd6fad710a905bcad284b7a243

SHA512
858bbf5adbb6c359638e38fb795cbb3332a710501d938b5609676ac1d1d00030e2519a66544315efed96e2097bc2d8c3d8226571e0b10605a52d31f39fc91a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ebcd2303bcf144071a7cfe93e371e459

SHA1
f4c64de2097466772f745dbd483299e211fb1be4

SHA256
ca092ecb9579a2181823c0191ae78762dff4dc62a5568b0d7b55d3c5e197fe5d

SHA512
36226fd2cdb8a884875218507492d634ae4f0daa316e8c497b91694212ab69dedeaedf991bc30fe0f5402807e834ea4bdaf201996f32c2461812808378de57ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
80d4d1d664f60e3311fc18091740a58b

SHA1
04164431272e24e53a1cff8c998583de6fcfac92

SHA256
d24b0800fe49f15ab66857bcf9dbfe64eebad48d531b3a627bfaf14e490584d7

SHA512
bdeb94abb3f611e977d08120202d13475b393d6e46869d19e6271b105a3d1eb29affde6b128696242f0a73c19b8ea139f84235b49a9dd1ec603f7df03c8761ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e12cbd4ebc2703109034b8ae2a4059ec

SHA1
570f6f119663b4b7b124d2f3d73fe8630f97124b

SHA256
fd34d7c2938c7be62779caa6acc82c14f2ec7729bc215eeeab07c1c88ffbc36d

SHA512
517e0b893d2034da756c6ff56b0cac8a2ff4cdc807de9c05b35f921b4fd0cdcf8207e90954909287fdf4762655179c3d3171c730fb4b760c944a8e029d676883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f56e88e0fc5f0bd4c365a1910d1ea38

SHA1
013d4623acb133b5f08be4c2d6e50658b6eb8bef

SHA256
ce1a5f8ab88dc06fae06c518ee08abed39093d17d6ffd5b3b8f5edb2ef3b18e7

SHA512
92d3270d5d6dbaa897cb6396055884144e69121087db038d36ce9c105a6c87eb429b60dd335590ab71395c077c694034a9d928e57fb56e396465565bd4708599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0f9dbb0a105e3301c7f9aeb4d625042d

SHA1
0830ecc9e44ec3ce162d57bb77ab75b6a9b6462b

SHA256
fac7bbf40c08f934c36ede87345b87d64852ca3864dad317fab629643ea01961

SHA512
61f9a92155f4399e1df37ea711a6f9295c368b07494a552146a958350c1889d778edce4334c9ffb897ff0e6bd65b2b406aea0378b99f64f1989ef72ed8211d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c275.TMP

Filesize
48B

MD5
c186f90433fb828325a6b10c96ce0f45

SHA1
c3d6ec11e4ace088fdbaa437337bf796a0fb0c96

SHA256
49e2e991db93d09f4f6aeeea34aad8fa5c567d0b2367e383bd2d620153b18688

SHA512
a8bc9efeb25ae308ea0fe766c0e9dc808083f4cdef245b76a47fde2fde6358fb246f2fb44217c67cafe5e2edbfb6eaf125711aa65289505bce5555fcaad503cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
2c3d6c871ca894a3b75c7976946ba4c0

SHA1
de5568067e7d2e1674999e04c7b27193986b4653

SHA256
7f9cbb31aa3f65a0863afa56a22afaba9f1231f11e3ad204d10ca990d3dca2b2

SHA512
9409abe81b620a9db6b4a7d61e5bdb56e6b59a6caf96e5a168bc2d9f2f40cc68d61cc7a75c0c062e7397af3b7cbc8b6ed05b5cb79ee315045f0ee6dc88fb458e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
aa77017c8b642ce311c762f2a2afc70a

SHA1
41495628532963c4c0d09de23eb481f321798bb5

SHA256
c841b8377afa2c71db4fca958b7e17129d79b45c50b491bc8122331974a87f9e

SHA512
1bd2ddec6350c43d8a839b82266d7c75edbecf61eb9b4b22ccaeea6a2983d7129e04ddf73f5ec7c2188ca368d3a3fbe84044956bb3f3052d16d00ec9d12370c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0598437b8a1c8fcd010d757e5369630e

SHA1
9c7a86e319cf9fcdc847f048d2d10db73c0e55cf

SHA256
b8e0f81dd572238c655c69c31787fb362e8e5f3524b1023a5d67ce399ae5215d

SHA512
d0fe96465641436c1377ecbe84c30bcd6291c6eb52913bb8207f7ac38374f3445a511adea2dba2088af2055955ac4b7589524c98393cf843a2393102f5be8dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f0ec726837c2c3a0fc192de96249b6f6

SHA1
4a1b63f3cd992675a18029efaf2494e1bfb0a8fc

SHA256
ca53c58f2924d212302d3b505b7b7b47c8bc615f731135de01d4bc37b882ddd9

SHA512
3ce17eabc95efb2ed2811fd17c9b8eb792a32915f120a6d56070a2f847bcc9bf437b03ac2438551379cba2c23fae4f6c3ac7ffab6e9dadbdfea9b18b8ece8001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1fcee22ca63dc12ac6495c283b08fe47

SHA1
256ec3ab529a3ef64009f32ee95e20a90079bf22

SHA256
94ea86e9c47c6d5c5eb00c4cc74df639e728a7f0f044c0c5ad0b720d91caec38

SHA512
08b54c41e826a80a19a3947c7553aa1a85adf32dd284d33493099df1857f690eba7afbde9ae9039c918d29eab10f75a496ace36ee32a62c727df92b32f312ab4

Download Submit