hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/qQqFCkZQYhnnzAglF2fBcGVPVB

Analysis

max time kernel
299s
max time network
297s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2025, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/qQqFCkZQYhnnzAglF2fBcGVPVB

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
28	drive.google.com
2	sites.google.com
11	sites.google.com
12	sites.google.com
13	drive.google.com

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
78	3384	chrome.exe
82	3384	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe
Token: SeShutdownPrivilege	124	chrome.exe
Token: SeCreatePagefilePrivilege	124	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe
124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 124 wrote to memory of 2348	124	chrome.exe	78
PID 124 wrote to memory of 2348	124	chrome.exe	78
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3400	124	chrome.exe	79
PID 124 wrote to memory of 3384	124	chrome.exe	80
PID 124 wrote to memory of 3384	124	chrome.exe	80
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82
PID 124 wrote to memory of 5204	124	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/qQqFCkZQYhnnzAglF2fBcGVPVB
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff548bdcf8,0x7fff548bdd04,0x7fff548bdd10
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1948,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2180,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2208 /prefetch:11
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2492 /prefetch:13
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2860,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2868,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2936 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4164,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4184 /prefetch:9
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4572,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4756,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4716 /prefetch:14
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5140,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5576,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5484,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5820,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5784 /prefetch:14
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5488 /prefetch:14
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5888,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5824 /prefetch:14
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5868,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5680,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6096,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1052 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5896,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5884,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4252 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5836,i,8606623139653388801,3061992803583625565,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1420 /prefetch:14
  2⤵
  PID:5716

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
06d7ca5eab3dcbdb4ef2fa605774514c

SHA1
6e52f6c729632ec9010c22ef1b5505f3585cb1d6

SHA256
a1cc5c96d3e99fa73e72f18f2fafeb2a94bc255e51bace682ca4ae2e81275805

SHA512
c73cb69c3de92b20e6981deb61e6ced68094be9ae3afbf919b3e683b04fe082412b2bfb06b93fcbc992528de16c8780c6760ded50222701abe89251117223967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
b2c85268c0388e6392c1c06b20311b19

SHA1
1a9f53dd894c65bdbd35f0299652099ac6c45d21

SHA256
12001418385c421f41784e5177407cd014d3bee35d58b2d2ed42a62b05ce1856

SHA512
0d86fcc7e401f78ef61e529587619fafe35cd0b118d7f9112a379880cc6ecc469588cddab138e137a4b53267c61a068fcfead0d520242dd8eb733726cea725ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
98131ffa6569d67622f63a8a3be7f242

SHA1
7dd440f531cc76a7445be64c59a8a64a59aa0fd8

SHA256
71cf7e514bad107a7cce19ce3179df69bc0fa9fb5a48498decec81b08b27b357

SHA512
0d3019bdfb6dab3bad0fb2c127d47beef4470ab3d0c6ba84bb4128af4a15f882b5120e080f219fe00fca1fa6c880f436274160a0abce741db6b01ed697ce8c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a57a92e7ae5e17e01050eee9edec4ebf

SHA1
45dea385fd53cb520cad8b84a1394d3799650e23

SHA256
b1417a4a8e335d5fed5941449ade358205dd4ef11b9694f15c9debf323ad96c8

SHA512
4e2c54f75d77ccc7dc72ab7c41392415a8f2ec23b29eb2cdda377aa469e925a56af60f764369c7e0076f1c94448041f484710beb04bde476f073159308ff9309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c39eff1d6dd43a705023dbefcd32014e

SHA1
e2c8556d7863e816c0512e2061482581e10170f8

SHA256
47f404fa46b8dca8a9e1e48af2473ec87604ebc05e997f67edd902cf345ff057

SHA512
7d7110395fd362b038a03706b8f3cb398863163a4b3126ed882d4904336679ff695a38ecb92a584e83545bdce3aad93a4cb0b6f4d29d4a1df1eab23c80b5c4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4fb048779c114fb3c4ea574efc691a0

SHA1
d19cef11563b6b002edfcef798ab939e039b151e

SHA256
c9aa5bda3de1327b75470d78349b692abe3a2ea4a4c4efac11b8649fc2562f5c

SHA512
dc9a0da4c6afd47275137fa21902ca2a8b5481f354dd00896fe1fe93dc12ddc2843de3f15ee0e623132404521b2d7254481d438142d650e0e47980d10d8ee141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
affcacee18b400840ec511468a1f271f

SHA1
5baac39eb17bc6e2e38851a003ac01e02fc04442

SHA256
10540ceaa365bb3cf94576f894b7ddf68dbe6cb41318ecd7560df7306e90de72

SHA512
eba0d8d18a4f994965ab93ac3e8c6e074ec794952a697144e2202926bd5a04515ddee8c09cd3e64d14eba52f4481b37ddbd765c39924ab9fcc9184f9c34e6315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
93975b053cecb012e544069bfaa53db7

SHA1
8abc408f52ab6f03bb2da642cbbc92df740b49c1

SHA256
a513c15f1f9814790f9d649ff8e1c8e36b5748ab851b1ecfe518ea93d6ec7107

SHA512
825f96e4af4d398374a2738f6799642e4fa25fdf8edce6f18755f13e76ef90128ac69d29feab42f3919dab67975572043fd804c421925c5f6336b45a35ffe101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
818333df64ffd072a38c94efe1e59c94

SHA1
89015b5fe1409e9cc3263f942720c7ac68e09ff9

SHA256
3cd17f9d0f1ef88487b7f463a646b8a3a19a2f5f250d503392396e9ea61c0c3e

SHA512
7ed61387a8567ed7961376ff55e13bb73fdf2f877d5c10372293e5bda54fe1e09392015fcccd37d99d244b1c6a214590d57e33c694ccbf514a0e7fa26ee32af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ffdff09fc5a2d7946237835a285cdc60

SHA1
3a77a7c9a669c37979daf550d28e13d8e578d703

SHA256
7194a346fa439c2622c64a74126da110fb7f83399ea2eb2c3da6b1c9decca2b6

SHA512
3c51ccd8ae6b1c86c95bbbcb2d4bca1eacb56f7d2b6b394234bc20840ef732a51512e6c448b152941fdf5e86d1c02aee4ea57e494b99990c82fbf5dc18675908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dac29740a68e0a3d0ae68157ce2b335c

SHA1
d3d1bac15d477a812e62757588ecc94a4d7c75af

SHA256
56c564105c657679b59fdd919b651ee82e00660f2a2a5125826e86745551c726

SHA512
5a1c2462494adfdd0a5be4e1dde6ef72811020cf1f34dc85b921bcd2dd84610ca844e63ca9bdd2c26e513c2b4586fff1c28969fcb68de7a4c7f4a19df68d4745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f1a4bbfa9b56b20cd43574dbda8ce13

SHA1
da98df15e78ec601b09c8a8138ed0e180906237b

SHA256
e34d769eb2d963b40dbf1bac5d7fee873a25bb52a842c6a3232490c5df1053c5

SHA512
d4168aba8e0b042a4fed502c642405ef78ec7b1d3481b6986e85095bafdd879b7dabef1b7b299f7b21b5c4a2ee0a5a5e54668692b37d5f5f2d8d0615158cde7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
235bc72a92e253bb3236b1cc3be38097

SHA1
1ac2c1928e969a40c9daf812aab6f54fe7c390fb

SHA256
2d8cfa9e7f362fbe8dbd7aaaa42258e67803b8c33562ab355089bee069a36ea1

SHA512
bec58532823c8c30492f44c51b69ef373d44f20189b16717ffd93d0d137aeb18bb1bec32eb64d5578300f7bf05f101802692f95bd9139541a0b2be91dd5d27c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bbd531776be92a61534e32bb150623df

SHA1
45e50298a4eb970ae939c7caeed29220b2b4cea6

SHA256
24db702b6f51877120646c09dc50e759fd98874ea52a859f66245d5114fd6e49

SHA512
a54659c66cd7a6ae6aa5c0d26eb09c8e6f3538af68f3805b2cf8e6d7b99e9ba5b9a2a19f385f4459e0795f7bca0ec64b9eb3099978fd0cbf0a26e5dd1984834b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b4b9.TMP

Filesize
48B

MD5
07f2f476b5f9e6df0238e04d85ec8678

SHA1
d3c17dbb572a4a055e64f871331c309bb8463061

SHA256
b9c09432acbb7dd3c8db65096a2bba5714006574315208fdacfabcc2ca6062f4

SHA512
89289658163ca558f699be219d4dedd01d82308a41ab27ea249e34a08fd0ae7b52f785f53cf7c5d936e67975ebd8cce3b80badfdc60b0f29a3c8d3cec01e4fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
aa86409cea58108601f7d7053c7a3d28

SHA1
2112c5fc1f41a9bb616cf3f6cace3569d6a17407

SHA256
1748439e10ac8deaf95f58bb446697b55e0ff60ceac7026bcba4543f22c60484

SHA512
06ca66a9d0b205a3bc5a684f5c1dd8a417c8ab14e72e3320f0f7e13f14d596b4f614b74238974f0459d3804bba2322bb4a7e7a4315265aaed2f656526a836065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
0c8c6e5b6246d8c8f50df92123cd8c1e

SHA1
0b969b8f065f0d24e54e0b4d85feb482df3b5eb5

SHA256
3c748b3a6599bb0469486718d0a9144c7da6d62cd847e0d19d134968050dfc30

SHA512
0e8959c72338948f91ac5e5d7f7f43338a825f633c5fdd12fe7e86740aadf6f55e20667b7046026bc63ee10f8f48b47991c870b7be31cf30f9fc057b53c02fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
15734334dcbd8d51cebce642b6f8c9f1

SHA1
972cb4e44ec190c718d257906ee562b2f508cbdf

SHA256
2c314e0078037ab7cd1138df92120342dd0dd37d6fbfc9c90f48628325462359

SHA512
8cdce44bb1ffc73050e994bb5bdd7aff2754ebed3da16921f04cbc039a306a4cb07404ff6f7236ebb4274e280dab793ec2d144242aba9ccd9c1241646c351c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
7970908709d48ac0b3899cd22d077604

SHA1
fbdf3b43cddde86f4273280c1cfca1a9319ca0f3

SHA256
0d0e9da15ecbf9174820c8dae0945db2c9ff231cf562a0263bee4e30a6e28db9

SHA512
5f8ae2d63d79fc30d41ddf2e3174bd9883535b1ddd1a4ab3b3a6ff1f1fe0a9a54e470492d5b4bbddae6d51c8cd7063c26b41bfb98a63f7d5aab4439f89c8cec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
0d9d9ccd013665f32aac27cf321896c3

SHA1
74e4fc869ccb3face26fd3d745c931f90abbebd8

SHA256
4f5c4b6e8fb6ecf405792a9371cab8c01c8f325a39fa97406902da574993b365

SHA512
a1de46b167a9f982151915100c777ff9357cb90e13839d97ef044af8f734cbcdac3509cf60217b54d1d8a9e1ab0754ae356b04ace277e11550b1e5adea99ef63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit