ff5c4049c0e75a90d7d594e3fcbbe20746a882388508b92bc9170a081b0091b5

Analysis

max time kernel
899s
max time network
796s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MonkeModManager.exe
Size

250KB
MD5

a6a5a8473858b8cbdef37d4be463ca34
SHA1

35c3582d3badf847ba775169742b43ed53fea7ee
SHA256

ff5c4049c0e75a90d7d594e3fcbbe20746a882388508b92bc9170a081b0091b5
SHA512

f5f713936fe216d0a994925f5ed2f68be9241bcfc68cfa8dc3c216781eae73b0abe5d0d9f01cd44ac0d1a85eb73d1b30a7a574734bd9e83abbf42a04c0d73ad8
SSDEEP

3072:wAT65wV1QP05VFt/FMaIyEzE090HbJekvkF23P88RaF23P88RgoE090XaD:wATRVVFt9kzE09YbJZsWPKWPHE097D

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 2 IoCs

phishing steam

flow	pid	Process
63	3900	chrome.exe
76	3900	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891159382809846"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
540	chrome.exe
540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 112	2176	chrome.exe	91
PID 2176 wrote to memory of 112	2176	chrome.exe	91
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 432	2176	chrome.exe	92
PID 2176 wrote to memory of 3900	2176	chrome.exe	93
PID 2176 wrote to memory of 3900	2176	chrome.exe	93
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95
PID 2176 wrote to memory of 4760	2176	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\MonkeModManager.exe
"C:\Users\Admin\AppData\Local\Temp\MonkeModManager.exe"
1⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff94f63dcf8,0x7ff94f63dd04,0x7ff94f63dd10
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1984,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1572,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2396,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2984,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2996 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3004,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4264 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5528,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3380,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3156,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=208 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3192,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5920,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4320,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5968,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5552,i,11092341345612625657,11495038339801841152,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:3616

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:428

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
05d85e12c122d8ae8635a7c8a2493f27

SHA1
508e8e7b79b4a67b48b0993db7da064391748ddd

SHA256
b0fc77d164f2bbc6a19a034acb12c1b3cb01fafb657233d0ce8d606769f9c344

SHA512
174785dce5349c1e60895824be792e2c37af15b568102f6700dd9c405b51b94df13b9993fa1bf266eabcc5545f03ade2f4b6ad85654d56c3077b18f2d50ff524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
36KB

MD5
fa88a6b7d76d38dbcd1b3dfc8d8c192f

SHA1
fd6341788429d858a0ee8f466668cce580a3c0ad

SHA256
b14a017f4a21fae1d261b61e884ab1a22a2b7aa1aa038a85b176c73a601aa1e3

SHA512
53626b9cdcd08138391810af0cc7bb8990a0a3354bca05db6065930aee616f4b328a4cf4a3ff667461d319bccaf713d6e79f040bc5867ec1f503e2076f2bb49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
544fe8bcc26b68d18249a0a15f5180f7

SHA1
8344f8fa9a68d3bc0071c1c10446c0d20d8af494

SHA256
4374bc0bb29d7e71db2b8fd8cacd70e9dc0c210cb8682b89ccb61ad928f2afc3

SHA512
ca84f17705ee1bab9484e8b1444cd6efc85bb53c4cccee244b05eec79c5465766ebdeccb5e92a7c3c9fb306da12eb9d630de08a43a2e55bbabccdb1f661f1f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b9ba32528e698ade067ea64011f33108

SHA1
6e60b5009bf12cbf8ed005e504920666e2b7d821

SHA256
4ca2c085955bb244241d89b6523661f79748e079a93ec44fe6c81e11e656240e

SHA512
7aba2bb3575c2446a22674de9bbef5a63108c21c518a608bdbf64a1856c22a8e48670262695f2f687a08e03ed4a627ad655a495eaabdb21fe98eb7fc6aa4e586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b4ea7d099569dde5b391241c5c4f8475

SHA1
618352e47037010bab868691af07d675a466c809

SHA256
48321b683bd87792d97e67d41cb5f687f63f8b99303b9d77fea386bf9c2c28ac

SHA512
b85390514f9b6337db9bb0cee4094ff2facf096831e52e29a3f037037f4538280f50a2675b149054eecacf4f46d78f142d51499576d9fa42d20c32e779c4ad49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4b55bceb2ecc1499c199ddbfe5ebc3a9

SHA1
30072325bb33892412dd539659837ae1b9fad141

SHA256
2226ca707a66fa399bc10b7f87a70d69f1c59d3ac24ab530d0fc19f4a593692a

SHA512
50ab73256a3a03d716a1092731d202c8095a85af071ca33873e35dca3761751c5b6d470777cd1cb734bc882fe9d42f3b15dc9c8d07c01a6f7438493c0e106d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bc9c40eda89b803aadd69ac28657f9b2

SHA1
ac94bef4d820c04c56ad91f297c30bef2223b39b

SHA256
fcd36f93ae7521c07a85127a4058ea4008f0b3f84955d9db1457ee8b76256b25

SHA512
d0f7b1c6c26fdafc3b211cae99ba98ea8c3d490f40233d2eec0c7caed5fabc0500cedacd8f5cf5665b635e7c858014cca33915d82fbb42b1dfdf6da647b19908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0f91e8899679550e7efb38cb5a3e3474

SHA1
ae9863c73aa2ab7b3942193d764e5ffd46ff4825

SHA256
8167cb4a10329ee2ea8ead4fe724c72ea4de43e3a55d6497917d21b3afaf1f2b

SHA512
330edab36a1d2e253bf31d30cbc725288d838c82bd4c521fb6fea02dd5ca42d3d9a8010d65090babef0969bec57eeb4b9891e91846f6b9c64191fab25e89a7d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b24c988fb42a00311fe87ab004a855e8

SHA1
edc66b73c58dd69c8e7bd3650392a3bfed18d98c

SHA256
71dea5861e2b45239900e5815531835a8b96e422afba28955a1a712708c03bde

SHA512
f6297126629f93c6571a2e4e667eb774abd5c088936ef7ced772158059cba6f4efcc53ea9814abc004e3732ded9184dee08b2be0c8190960da0c581b6ee519e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
639e962cad17d6aecae2e3ef3c6d54b5

SHA1
c450c0874d51441b99257ea24d9a01ff010af099

SHA256
ba80cefe6d45bae9ee1b142d27a651b12d01339eb06937fc4a4237b11755b8b5

SHA512
7151297c5c0d45fd3c2f1e811a52959d216d556189f875455e91b653385e8d0bb6865353f752e26487843aaeddfb99101e4731a53d553bb1c75b38df0837435a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d7cd375bdf689e2f1e628cc361bdfee

SHA1
1bdf3d3644e24ff9faffd18dc09bae83e9091f0b

SHA256
7b99d5dbde3ff907a5f2dff3fee51f6efbf41387a86b7622adbfa393bdfeb894

SHA512
be63b14c62cd787a9ac7021f1b21b3e51ac7265769146395907877784b7017534eb970c421b5407d301229e19e8a57ef2510a0daa55dab8aa2d6ead6a5b333f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
597b9a39a34c011164ed8e5098554d12

SHA1
3c33ceaa6e8c921987b143c0f2c339da5468c372

SHA256
01d73ee1f5cb064fbf6d35da28bb014c241b27ceb4f0db98fe15b1cc95be0e1f

SHA512
7d26efe62fadeea23e1c17500f707de436b8d2c1d082ff8c9c701dd5ae597d2777601e15565200038a9f1b0c7cce2ed3b82bea27fa2d04c76c0b7b77d2b547fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b452305e588d2f01cff2ae9ec47962c2

SHA1
e6ce7ac9cac1864d089387a3081ba7ae2d1a298a

SHA256
781ba257e34a8d692e6254c18b416a0406320871cbce3e9a75d47e07172dd564

SHA512
de7c5166594b820146c2427eb8c1c8d288192f3e757c60e2b0e1516f9f9fa12ba4dc7d73e2a0b9e9308c78dcd78851446931b23f5c2816699edc78058f3165d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a36c7ce96748d6fca5543308b83a334a

SHA1
e38fe4377dbf3b256fea232816aaa8f3a72d9970

SHA256
90b07dd51715593363f8aa941241932051d2f4869ab98017662eab9a510a2753

SHA512
c95be0c99ea43c87016d4d8b9000a662dda74a88936f16c09f6f59c58647bed8139d7109e1ab36573b3ac94907a8f620372b24c7f7b0a7436ac4f8ea1d03edff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8cba19a73dd1b6e431af56a496f344ba

SHA1
501fa2e921df1c774580d26f5b414681ecadbf37

SHA256
dc8e74f4607109d7d67da9b053425022e339bb68ecbfdbff6f33dfa883c40487

SHA512
92ee5817eee260e801c13c05c1a89e1c1ede2fed3207368d989efa70507c07a84ff5d0d1e70c0aa213afd86a27830401753bc807a86bed7b3f3bf62ea0417cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ca00466ca1a0149ad5ead49a0c0172bd

SHA1
4ee2e467e45e1f9e0027b5c18bc2a90b6b30897e

SHA256
0b8fb3603dbb9a3a379590eba8c942af081538945b121cd0418dcb36e91e6483

SHA512
bc8b4ea0178f93accdb3d580874537981dec22a05c0a54569721c5c5dfc9fe80944a1d444ccf9ffb355943e9a34e94eba8b848b8676cf4477c70deae667a4371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
083bebac134906ea173fa2d582a36c70

SHA1
baebd5500bcc73f42cb194efbfb27be1eb008f5d

SHA256
c559fb768014b0c992f0485e61ec05fa7f0d10b5dec4f573c9124d278734a8c8

SHA512
482a6f8edb29e60dfc232a81215206d66c76c27b8a7701760bd61a039fcb648afaad37b38b560fe7f3aacf89ec7bd2a34a47a8a6228e7a2a07de9df2d26e5fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b6c9fce9eadcf1bceaad2a4608f0d908

SHA1
844cd892a655bb43b23302eb4f789d6ebda9923a

SHA256
1e490d487307f771252f518baadd9b68667bf815c065829e0631cd544cd53636

SHA512
c86df18ff69f21471beade8e5901f3207fa380d4a8946d3ccb69fd4b8f205ec03374952967dfa548e4bd737aff1e1ca6b26c80c7d3c7554f8d982c26be572996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b43c.TMP

Filesize
48B

MD5
dbec39e9a004763d60141ac19c22cb0e

SHA1
a92438de2aa3f4a7ae869357956c15211c7718b4

SHA256
fb8fccbbb78bd9552bb25610e6e328f1848c7390c0eeece31a1f67e731c6ac56

SHA512
c9e1880b21dc7b42505676beb6e0f20ae1960c9b0f903b82c7db39f512cfb42b313872bd005d5251f47d369c0c3d22aa5b8502d7fdd663fbe9541e56ae29e7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
870121b9fe61a7a217aefc00fbb01409

SHA1
dc5c873ca528b2a7621b8213c48463cc081db7a8

SHA256
49e179e327f3964175c2270fd7473a81374faca7f3523fcc717fe36a128e72dd

SHA512
7c5ad2c42ccab8525f22d0056bf6d116a47f1cee2d24b7df6acd411a7bd9b979d739fbb3d5369dcf247706d54b7e0c02532508bf99ae94a75c1a069c692f2b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
2b5a76b91450208063a559de21223269

SHA1
b3f03adbad1d19123fd1856621cbdb321b8daf7d

SHA256
b65b8bd5f45f450137e88bf8accd8d09531cc4819a0bc0bbac794c63f6289a6b

SHA512
ff9edc4f938793d81ba9eebe987feca964135a0567ad143d78e4df0521944dabd1f5a450754f76fab9941e583b2d69f702db94bb2f01a699ba65070df4424d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
89351ce5fd134534f5ca4a105d8d3b0d

SHA1
93f108c85f67c0e0f4aea97c3b8211a5cd402900

SHA256
8f46d2483f260abe907ad5749f6c75830bf9e12b09753ae412a34f4ee1f65e19

SHA512
a19382dbefc0110500cfe069c3b8d141d383c46a3f72d92c57c502eb636474e5e7da15ab340a86fb19d7c76060bec87fee8c1460085a38802f1ed24e1db69e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
af2b323dbdf4bdd83c7595adaed2327d

SHA1
5e6e4102cefed549c683660dd533ffe97e784946

SHA256
c41f34cba79e59c57ae6a7c573216a1e8d134dcd0289784a4fc3c8dda567635d

SHA512
d70f9632b123503c964c6f6ae9bd7bffc93693ebd66c099dfd32d87558cf293c094bcf3979401ca9cab7308146565ad1b8666b6ca9f01237e2b6cc1e0bbedc06

Download Submit
memory/4960-0-0x00007FF960593000-0x00007FF960595000-memory.dmp

Filesize
8KB

Download
memory/4960-1-0x000001DC571B0000-0x000001DC571F4000-memory.dmp

Filesize
272KB

Download
memory/4960-2-0x00007FF960590000-0x00007FF961051000-memory.dmp

Filesize
10.8MB

Download
memory/4960-73-0x00007FF960590000-0x00007FF961051000-memory.dmp

Filesize
10.8MB

Download
memory/4960-3-0x00007FF960590000-0x00007FF961051000-memory.dmp

Filesize
10.8MB

Download