hxxps://urlsand[.]esvalabs[.]com/?u=https%3A%2F%2Flinkin[.]bio%2Fgbmsrl&e=187d5686&h=22bd7f0b&f=y&p=y

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://urlsand.esvalabs.com/?u=https%3A%2F%2Flinkin.bio%2Fgbmsrl&e=187d5686&h=22bd7f0b&f=y&p=y

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
30	api.keen.io
32	api.keen.io

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
100	4880	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 5112	3480	chrome.exe	82
PID 3480 wrote to memory of 5112	3480	chrome.exe	82
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 4880	3480	chrome.exe	84
PID 3480 wrote to memory of 4880	3480	chrome.exe	84
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 376	3480	chrome.exe	83
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85
PID 3480 wrote to memory of 3596	3480	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://urlsand.esvalabs.com/?u=https%3A%2F%2Flinkin.bio%2Fgbmsrl&e=187d5686&h=22bd7f0b&f=y&p=y
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdec7fdcf8,0x7ffdec7fdd04,0x7ffdec7fdd10
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2044,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1956,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3204,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4468 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4776,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3280,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5008,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5756,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5932,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6152,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5652,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5768,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5796,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5836,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4752,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4716,i,12710978861686955451,4469602753413953808,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1552

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5500

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
6898183ffcf284bf8afa82d8dece05e6

SHA1
ede202fb361c20a24a9cb513de467592691e7908

SHA256
bccda7fa356f1d86145e3a64e4c1f4e8b97e9881959b24566d5cb921294381c6

SHA512
c7b06c8a8d9586030f676455ca7ade8a7c6d235e196306db419f76d45d8f0032f4ffbc9670aaf501b9f523452ee466a1138430979c26a929d110c2a4452014f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c5162214e7b26a7d6658067c6c71d7e2

SHA1
db732e88cea347933f89c701678917a46380432f

SHA256
9e6d9506009c29898eb870b3ea3c03742e4d792d2d2e7f27e604d53259d540aa

SHA512
4dc58b7963d884071956c5ae40b501868e2fdd4c87b2563b876c7be3a22ee2a83b24b55a666c21a62e266173a6071c58b561bb6ce73b031de35754a67584fa95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
aa7621d4adfd65004700c7677a70a227

SHA1
431dd948c79bfd47a6064563cdd8a3dbc8646568

SHA256
13d68ce9becd9263ac58037bed6a11570dab2590a8bb14744a5d4f969a384d2f

SHA512
3eae6a3d089d6904b08da172ffdd2131ebe3d5ea5040511fb98f0316b8dd4004a1ddcd3b1fa1d708581457ef70775c62080be70b6816f77a17110e952ccbd0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f820ddf719231b3915aac63e3eb058a

SHA1
4cd90e3aa3623104bfa069c7aadfc78b46fdd0a9

SHA256
b70cfc387e7be3657e0953266c18a60d34f44d4c12077e7bc8b5b79168466608

SHA512
3b66475698ca2d00da59e61f817d2110457fe2a537f637007427cd1769dcc55811758485d82766ffc56cb7631e7f6e337f2117108368135bdd97a9d59150fade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5cbbb96388ee4fd7c28123e44f71ea86

SHA1
bbb1a5ea227304aca4ad2d3098f172374a3e23bc

SHA256
f90e3842e924bbccec5e7bbaa1f706a13eda3fc60ce638f1f92fa75c534a28ab

SHA512
40a790f0e9a28be11e0ab07a51aa766943a0a04d5bc45eb2816d29847147359287a558e6675da7e8af77367b506f15399e07b4cc80a9680535c0399b85d86c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51114eb15ff39fa6b34233e78a040400

SHA1
fc8c649959c22f6a1de02109009246e1af0437c4

SHA256
ed43abbc778a3c3ce6c2406c4a8f6488e652db8d28895f21a55d40121a4b9c2e

SHA512
798c95677c7ebee0938f775fd6f854572155d51be9f4be64dc6233ecf2f524d481949bdefa203efd4565f8dbd00e6305d1a0627b7f0cf5c276eb7b30bcf9da45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce343c7ca984a41c6da3865065b0c66d

SHA1
30df2cf5c885f3cfc6d6b660f87b2436c1364667

SHA256
42895b9a0425e1e6687264bc00672beff729fca7294894f4a3d73c746ae0f67b

SHA512
432a49e355a488440cb754be2f99d4205e432584285b83f666580214e322259efe6ddad91084fa6359cc44256ca88d29a5c3e594ad45d946b1503342e4b51ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0289e5df1e4cd84de10e93a57cd0a536

SHA1
eb1abbd14d3466145a6169975d45eb5d9340e6da

SHA256
bf7a745dcb710f3d8381187a1e2207cb38d5ada80e32b896ca52a1f394ce1e31

SHA512
13e6396c2d3316b5ca4f8b07df81a3039185c4733348190b0ccddce0c945fb85948827d8c69e5b306913ce5986770a44e1f68a6c49798ab3fa83ec76abcbe814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
80363a8459f257c88bb1017857a23bdf

SHA1
9e377a98d4ebd5fdfe0cdf7566cd5f71af66e80b

SHA256
3b6d982fa98fe121e0fdbfb1e6ed49706dd1de168603c4ba9c976fb22afcd262

SHA512
ff0f974398784f46b1e2166181322ec84dc33270f894af743ae30d70286f128e3420d4ecc41f8c4631abe63dcf52388588d6fb2bf5a211bd84521561b932dd8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e4af1.TMP

Filesize
48B

MD5
40fa278d31ea42e5d564669b0a70049c

SHA1
2ee59d257f44cd15efe694a470d0659083c82f3a

SHA256
ff863d69d967c26dea05caf26606cfe28485564768ef57fbae0a5feef7536249

SHA512
67edc73473776bd7570cec119dce5beadc594bb6e4d8f3585ec76cc41fce1ee82cba26965c6e0091ab55e23ca4cdbb6e48db55eff57edf47ea1ecdfb4e593ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
e9ea1f2ab91de561d1b3118108f3d68b

SHA1
a7faae41e03ba501be5a0a136eca217a7924cd93

SHA256
86747bc65d24d0e4b1d5bd7dbd5218845d4e1309344702391cc058fbd537217c

SHA512
94d487df4d0042076d9842b8700579e4fd1d0373113bb73e69d20820239a774e87d5f583bc0af2fd6cc24e1ca94d6487bbb7faaebebed792acd73a0926678f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
aefcd4125b7c446151ce84e90c7a2913

SHA1
cc198a3026c1260de1a680a6b96c7aeb813872a2

SHA256
71fbc49ece64d896d4368f1c8e9059e14d7c7c688cc893dbd247b74a9e9dd832

SHA512
4943eb66fe9763cd812ee86afde2bbba1e56df20142190e493b379c984bb51b7cf3ee050bce72a94d02d9c68047f2a384955be292ffc31fb3ecdc03638ae0893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
723568803da9e335931977c27997e590

SHA1
476b24fc3bbcfdc5fa7484441c92e802772bbcaf

SHA256
e443b23ec8c36bf6199256cd78b83a4f3c358c7e28bd57ece90e3f68ee76b313

SHA512
e93db9027487cd674cf336954c8c80480f378f67f6b22040af1a8afea969a230889979dd9c57adf24f9b70509ad82960300c0af34cd5f9f5574f082e6147b002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
b40518181bc5c4f763b5186ab22a0d30

SHA1
65fa316803e4eefa260c224bc5c443c0c7b4f62d

SHA256
326d2e7ca84054e637cc3c9ccb7ee4da166f15a69f0b1503bed4f77c4a875482

SHA512
83fe1d99f10fae1ea7a910344a8d0e0dc60bd90471c4c04bca8a6ac026737df2fcd8ad1629e251967cd3deccd6d41194ea7d5f655711aebd046da4c4a680fea6

Download Submit