hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/7Dh1C868GcjjAOy7tnfxcyXYQ_

Analysis

max time kernel
299s
max time network
299s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
11/04/2025, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/7Dh1C868GcjjAOy7tnfxcyXYQ_

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
80	5132	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
5548	chrome.exe
5548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1368	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 6052	3832	chrome.exe	78
PID 3832 wrote to memory of 6052	3832	chrome.exe	78
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 912	3832	chrome.exe	79
PID 3832 wrote to memory of 5132	3832	chrome.exe	80
PID 3832 wrote to memory of 5132	3832	chrome.exe	80
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82
PID 3832 wrote to memory of 5868	3832	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/7Dh1C868GcjjAOy7tnfxcyXYQ_
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86edbdcf8,0x7ff86edbdd04,0x7ff86edbdd10
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1428,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2220 /prefetch:11
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2352 /prefetch:13
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4152,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4172 /prefetch:9
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5076,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5032 /prefetch:14
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5488,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5480,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=2960,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6016 /prefetch:14
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5988,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6044 /prefetch:14
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6012,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5904 /prefetch:14
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4236,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4284,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6064,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5832 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5336,i,15258651704720023788,7551447805423470328,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4516 /prefetch:14
  2⤵
  PID:4556

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5104

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1368

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
a88cb4e96edb09f5f2e01922a844f331

SHA1
6f524f531201ac58f9f544f60a2d256b4291c37b

SHA256
dc5b698dcbb8e209a28d342df4594072d4bf2e9d0d0388c0aabb977aa8b330d3

SHA512
fe3e789e0f2b1b77c853a2f4d6ba7e9a7b99e1ac9ab9382bc15446c3f065630459cc19c0de41388288bef5db2c1ebd1517360a163e854f40074644692f5434d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
71680c66cf1d58a51a637cf9c7eac24f

SHA1
f13d230421c316e57d080a4ca3cc88e363ee8ea6

SHA256
c940e249aa39c330b77252edcc57479e3a243255c6ac2921cb3ccda69699ae3b

SHA512
8211da83d60bea7287026809ec9aecbe8037bdcf070480f5df5959b261cecd3d496fb598b50ad8215329c5b9bda846b531307142636e930dd9ed0adf0974a1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
79afa92f52aba2c855110700fd0a20fd

SHA1
434a5eec3dc7bfd9c9da5995019cec5252ec2cde

SHA256
c3f6bd7ec2880c96ae2368f159f3004dad6b4a9093a27bc7571869b62401ee32

SHA512
4ea65617a6e00369d582acf68ccb0b968433a1130cb2cec8aaead94cf99d11f9abdc421e5dc2a78cf1b4e7d9d78e91559ef7b5e625d13a4c63097c6d88249675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
afffb9e594499e6db7bd1463f2a64f93

SHA1
5c06a87052b245bfb2c6610faad42b5a79733f02

SHA256
1e4318dc06b5cfd5f33e9f1fb0a22b8e9555e53594ac50113ae092426b184b3a

SHA512
9ec76f1e9743ff7ec1e55df4df2e36a7f2806d69d7b1d42d4f8c8d40dfb75b0f84d6bde9a9d0bdc3942d19d40ab59013b280b9170f5fc5d8ea130eb7631ea3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45cbcce91da6ff29d2976feb6a37aa25

SHA1
24f1e3b19dede2412d577adcdbaf08f3600304b8

SHA256
372543bcd5e615d8ddd222a2142cae27df1be33e0140f8d0d0391537bfb1630d

SHA512
477f42eaf04a5dbb30336365691e1ebb8dcc145dfe606985177649a673dabaaa7c2de3ec6351f96335ad26d5a84c57a89cc6eb161a2d57464d53c3a083956043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61a580aa4298d36d58305b6f34424061

SHA1
b44e351709ef5e320f02289325899497a784c651

SHA256
88e1b2812139cf0cddc42122166187221286c395dae0fead4201ffb1b6cccb4c

SHA512
052932511e69ec732bcfd4d2fceb7e9c81e88fa20d6812f32d98215ce476585293c76da9d2b46f358be3faddfb443394ac61d55f781ec7701154d02401803143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c3a5873c15b42f36e76ec940d333bc3

SHA1
3c2551e3775771c7899784fa807cf846960496c7

SHA256
63e73def52b7faa92ee41698cd1fbac3358eccf27f99c531504d43f4e2fa4af1

SHA512
ccb9b4aaa63c19ad44ce655a20d641f46137f46379c2b1a3fd9eae8800575044e96d8da2743e5f8926bac88d78170557cedfb7d00d4b002f0d76ac15a66dae5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
998c860c857f803d44a52ebc52ab6a76

SHA1
8609bc6a1b4b95f3deed3fd7a32fc1763cd92648

SHA256
bce95453d0fe8ee3272b0b7f30518e8d2d2981b3c3f05a375ceead0d539fc0d7

SHA512
5c9881a77ca4a037cba39d3c858a31d059b98db1e59402ec259a271b697431bcda1cc2013c1ce3d1a2031d74ef6760d7646ac990f4889bf6749903a6e494e022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f5067381434c23d81c0a9c380db19a3

SHA1
db0410034156285035d95093db3a2e66155b337a

SHA256
c5eb9b02cc62dd974fc855a8ee4a8802259bd46697adcb808cd930e6b68328c3

SHA512
f4dbae505c19408521e2282261e106091e25fbce9cde9fd42a7a7e9ed768acc52f9678439f09f9a1616a6744c9acc6a5119fa7f25f2bf53f89114e9dfc396774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a68e06485464fcdb7ebbe0ec90483ad9

SHA1
a4908db38bcaa1c5124795abf3b7d696f2d4bd41

SHA256
ef0aa951f98273082125af41d3762da72dc40adf089c872241138ce3f16d1313

SHA512
c059a1c06336ee8eb01f0d3cac984f012a1afa119d2891e31c1542729e30f346355671d5d12b598b39040f09716d6346bed068be9d5914bbe95c47b8d56e2650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d7dadd84ed3c27124999833093dc80a7

SHA1
056729baf602bbacdb3c0bd2d8777c2b8a9ba572

SHA256
123972fc14f6444a6103064a97bc89fd028513d0368e5c1f038401abcd1f888a

SHA512
f87140383e49b355fa243d19c8ed19d0bd4d07c8bea588356e70a0cc70cfda56925cc2e842c97b283076f038a0e5e65cc126a84d317b87ee4db29f342b3dbbe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ebb06bd47da690277fc34d049cd4a4d1

SHA1
b32100febc63b5fde679ae23277c47f35474d42c

SHA256
910f3c6b925da8b98e96f92c028d1f4935def038d9d13664738309f7d02701bf

SHA512
8d3c98176fbf86b125f89df3babf367fc0950146fa75a3b323cbebc4fe114568b1586c13ada130b35d18e464dace590fc81e989d73fae152efb5232ea603cfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fb29.TMP

Filesize
48B

MD5
8aed0bdfa3837f36b2c28c92e78bd9af

SHA1
26d14a1cfde41cfb6e5bf947d883938469eb1147

SHA256
67766b29a12e0efff2f2615193b6232437f913946261fd248fb3cf3f4b3bdccb

SHA512
3ab2451fc94a60cbd14b7ef3ee256cc5864649e2319f9642185d5e60aec458c479f5e99b843805825bddbe3bef540629d2c456d8364d457fddc48a6c45b98168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
b2f9b298f8b60814b646347ae5be6582

SHA1
e966793ee90ed29827aeeb7643a03fcdcaba1b89

SHA256
21ef8997862dabf591ca00014cbbdda090e3a546f3e45ddce3e20df4bfd135d5

SHA512
684461cdcbe84f140e3030897c113073757fd4285b77303fe655d178fff93fb02660b674cf9cc84adad635567a727d65252d0e506732fd2e7e026891d9d8b626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
477f2df7c9cfd2a7ec21525e200f31c0

SHA1
ea227e7f5882c3dbd143d82a156d64ef7dcd104e

SHA256
755f6d559a6f2e38f2e4e280b00ae96f2a82766f08e2d563ab889e43657333ee

SHA512
69c7f690e8c63b87b2b5eb627597d1eae484cb42dd16a8a8daf926605385add456b422ca3cf2b172d7682c5e8b2d33ec2aca7c2218efb7e7983379cbb61ac1a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
c7b6148e62b583ff145128bd916ebf9e

SHA1
23f986c2b82a3552552873d1ea368b3cdfe7dd81

SHA256
8091bc8b5e715609eae746fa8048eff27823f9bf38daf12b6d52b5d2ce869c17

SHA512
5a9e54f687efa169ac90a3ddca9c94740295978233df092af9cef37c0eb724d843d1bb59ecaa9b9bf66d33186ff7df281a7aefbda72900e1455c7518151001be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
49640b96d04836eb1afc7f742a7a169d

SHA1
60e12cd44f6b4355f77d637928f1dcaa8a5fe4d0

SHA256
1030123d1fdd91b66fa902a7ebe65884642d0d87d2fb8777c58494237a20d346

SHA512
9dc91583b69b89f5e35d003be9c9597d846c122192856e3e88270de10c051c2972c84629d6602453e288f7e6ea8a5ff74a014405ef617d0718ed96b794ad07c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
24KB

MD5
527e207c1240584c67005457d05589af

SHA1
bce4f9bfb408f49550152fdbe7a2ae0fd059abcb

SHA256
8a4379052ffc89dc7ee29b5aa6e80024fba2e2e2cc98d22687ded49964336567

SHA512
233229d0dfe1e075cdf660130f27ac74b6c2d7e491c9c9250813224b46aeddb8c2c53549bc2e3707541ba9f9d21d3051ef07abf1cb511e5de58efc4e4fe28f9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
67ae95efa8255b9470f86f2d8fc06a58

SHA1
0573d2354b63864e350c555ed89fc448e8d3e803

SHA256
afd8dacb79204dc4c86303d7fff62b6cb84e524e92d01739c2b6ff18db2ef313

SHA512
7a1d526cadb93160a541c3fcf161535a9ac88e20c9dc34b2c9ac7f29e7964bf7a3368ac739524247750ae1d2a5848e2ab79aeb0b9d1aad17e1e909a3f280e00f

Download Submit