hxxps://campaign-statistics[.]com/link_click/b4Z6O2-Vv6KGnO-3eiq15/90926e5d4114866c313352732230d748

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
14/04/2025, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://campaign-statistics.com/link_click/b4Z6O2-Vv6KGnO-3eiq15/90926e5d4114866c313352732230d748

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
26	4940	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891269599538654"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe
Token: SeShutdownPrivilege	568	chrome.exe
Token: SeCreatePagefilePrivilege	568	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe
568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 568 wrote to memory of 1436	568	chrome.exe	79
PID 568 wrote to memory of 1436	568	chrome.exe	79
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 2588	568	chrome.exe	80
PID 568 wrote to memory of 4940	568	chrome.exe	81
PID 568 wrote to memory of 4940	568	chrome.exe	81
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82
PID 568 wrote to memory of 5104	568	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://campaign-statistics.com/link_click/b4Z6O2-Vv6KGnO-3eiq15/90926e5d4114866c313352732230d748
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5dcbdcf8,0x7ffc5dcbdd04,0x7ffc5dcbdd10
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1864,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2160,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2208 /prefetch:11
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2328,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2436 /prefetch:13
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3980,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4004 /prefetch:9
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3960,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3396,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4816,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5464 /prefetch:14
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5732,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3428,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5688 /prefetch:14
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3284,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5768 /prefetch:14
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5884 /prefetch:14
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4040,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4912,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3964,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5980,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4960,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4108,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3944 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=988,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6048,i,13896616256724746092,6267458894677505532,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2088

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:900

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\63a32dd3-7c40-465f-be15-32e809754fc7.tmp

Filesize
10KB

MD5
4edbb09c802822535c7566b31e0d96b9

SHA1
e4d90e362782605f8fa9fa32cebced5729c68b07

SHA256
7cb91bead59795a30b84274a85ff4db07bb22508af332f1120f55cdf0bed3075

SHA512
aa5e4f46846db08d80d946ec98d8fdc62b99b255cba3392b6110b7a57e7cdc23d94c8296b849f1d0cbe5c741832a3b16ea6e9fe398dfb8f5804341da19cde8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
7ce3cce6a013d40856c87723df4b024b

SHA1
9afa966f241b0277eca02b5370bf9369877008c0

SHA256
ac52f5a0d8cf91f2425f4e0443b7facd1c7492766fb13adbbb34e4a8e15a36e5

SHA512
6cbcb2597ebefdfb7a94fbd611517a3e4bdec6aa2138439534a19dbb674f03064030eedc72758e012eae6fa78bde43e34872a53874766080b1719c73e804119d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
19KB

MD5
3ba4d76a17add0a6c34ee696f28c8541

SHA1
5e8a4b8334539a7eab798a7799f6e232016cb263

SHA256
17d6ff63dd857a72f37292b5906b40dc087ea27d7b1defcfa6dd1ba82aea0b59

SHA512
8da16a9759bb68a6b408f9f274b882abb3ee7ba19f888448e495b721094bdb2ce5664e9a26bae306a00491235eb94c143e53f618ccd6d50307c3c7f2ef1b4455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
672KB

MD5
3b72e939a304ce05f0ceab4a0ac39dd9

SHA1
b2cfd3cb1bd0ee53c795e040063d0f55f544d939

SHA256
cc58721894324d6f6f53b7fe4cb0d08f923aa75e52506c0a58d29e4390b7cedd

SHA512
f4af43ba51b76496c98a30f06d9903440c4957e18f82b09d2b9c706cad5939446d8baa4353fd0620a2f68cea79878824cd2313594997f0f8403c13ff767e6112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
4ba144369b0e6a433513660636b9bb86

SHA1
8478fa530cb288bb9a27b9d0152950bc7f4ff39a

SHA256
3cbb1c05898b455cb03d2c48ebb5cbcaa16f833cc44c9cd4425a003739a5ce17

SHA512
776c5aa4ba17c459eec21c77dc013b0d9582f48bb0442ec188f385b585c3437fb8a35866c0c3cc84da538d23ca3fe2b0c23e53aa7465c9b6819a06ca36411162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1cad85ab82431a947be038d793094963

SHA1
60ec27b199e6b4ef13bcb27e4555c3a77244844b

SHA256
c0d2da9d27fc2edb5b5d0a7c781d19213c569539b2541da8ec5d17a9f6d45332

SHA512
3b1842dfe1abb8b4e308cb67a1359e267a875179f476716a3f28ecf3e7189087bb84dd60986537b09f93318678cc67e30e90e25422d6751956de4dfc0ce66aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
db8b83b671e5a8d99623c48dc687a148

SHA1
d7cdbcb0266bea3a4120db13c2b2bd08dcecd4f0

SHA256
3ccbd3640108531c2fc75a3df40625614e4f1930802a76b9314d2ec9b3333066

SHA512
dd5565a163024ac9ea9ccaa32612852ef85d4a4deebda65021712938baff5564703e1fa10d773fa898d613a233aee2a5bf941b69f6febbfa8e5c93742211811a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af4917c095740c164939ada65ae36e17

SHA1
76089f978c41d59987e9113910ba865016924380

SHA256
bc030a738f930c42706e5056fbe2bb808aa43a2a77e213157978205cfa11b514

SHA512
a4d187dc43b68839fa403cb5b92e767af9d2786b617f461116829e31fd488f3b3e942428b894035e24c036ca5605592703b53ea3fd38d7ff7eed8c9382e7b098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
661c3704b08fe7c6c72e5ea607303781

SHA1
b4bf6b4e60981b66a8298421873e50a5d47655e4

SHA256
6ae1c98abd37008f097842d5120577cda62a601c2c88a06fe3ac6e77db6796ea

SHA512
c0f8f24cb063c2ef3f0094e41b62dc87132ce847c46117fe05c13a4a4bce6e59f9933e2a4c1c46b3bbd545e10b5c8897424fb81908698fe150180bcfc10d31e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23b581681beb5c6899eacec485b13712

SHA1
d31a3c5769d86177e6992db9048f81e284d1e696

SHA256
8cf4597ccc592ab9f04165b3021cd22be0695f1bccb027fe54b9fca207228280

SHA512
d8cc445f74c119680cbb80b530582e071a5fcd37d483b41248262548a0fe7a4b848c68ca62efacbb664ea6059a2b89dcb3c7a68ffec1ce0938fff698b4eed3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61b706303acd869bea21ea3a083aa194

SHA1
016f4af71003f944d6a01c7e17c285834a7dc270

SHA256
98edcfe19c10555dc728c0dc868c7c4c99153529f62b6e176a4ff9ae52a0725d

SHA512
81efbd93a347c2330abb55152ab55a01bd25071e85e5b56f1b5f1edf500708fac44c83a7c0f563e30089aa00a92cb433bd47ba68f999ee3a01567ea384625242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
712ff231f0c8bb09a328a7134ea4fba0

SHA1
efa0875cf83b0aaa08dceaeac0a12d4c7d13ec61

SHA256
bfc496dd8acaf5ff41be101db38c5e8d04baa6bff4a6c6a5d83b116aa6d8519d

SHA512
c7a5d9eb5e2dc24fedc83f4254a7ce482ac0a13667bc97d8631d928dbfe4bab4f374a2d085f00e4aeeff117d98db28caf91be795743b0db137883011d268bd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2495486c23246cb887c734c34a01b27b

SHA1
46facf2e43d851635fbb65d5e1734dbf79f9b094

SHA256
a6911ebb2e56e1bda9e6827440d4e67907819b5b7e985227043344ddb9654f03

SHA512
fc8053e9129307e601ef5d130bbf3c33000293cfe98162584332ab097bccd8b706f5b53c871fc591f44a22ff1f8d870f67ad63ed7d667d3e2152e5c7cab572b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdb54ba386b4e34862d94735354a10c8

SHA1
0f8e5297b278169b2435df9a9623b6f9eb8e1426

SHA256
b227dc61cdd398999b5056efb1b4a0bc97b71341bddeaa19c476d35b71dcacd2

SHA512
63852efca44a4248d5238d2cc116b2ac61f5cb045d5fd8a1cff73af026bdc15dfda249d48fc591bb5b22115d618e2613f5795560ed6988a93d61bb7444377fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
618a35f62394959c2367a58dfd0aa3ff

SHA1
b9cc6707ca9880f6e8a4db274e526ed66d8ed392

SHA256
b4960b3f5f61362a2ecd9d2af2a5bf99004b4a895febf4cc3cc37617d2aa3b90

SHA512
5d74cc4e815974276af88629f01322914013dd93e523689704c53b8c512db31443324d68554c427b57b812d3ed79d852f7b2b96749412b307a6f86b78046e3e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
686cac9584fc1af8286b049c73430a63

SHA1
fe3094d37990c3f069c09c23f2ba60688bdd8a95

SHA256
0a2f43667d30df33ca2192c4a0177f1d9a168a05d623752669c31b82c5d91e25

SHA512
9c752cff9531f0f05be947440856096370f14237c97cdde9e339e907ba8140e95cf62dd51e1e66d887e58019ffc8ff9f03fa4601528f75876ca179f7f8db40c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
faa2f66db79f6452032ecfbb425816b5

SHA1
7e77fd035bdf0a86b6933a2c0acc5bcca5902301

SHA256
ece27c1cc79d0bfd316e175750e92a8949c391c08c3785049e9e8be6ede5870e

SHA512
f67ad527ca58200e527ab6f1552ee49c0c8cce2e80e3bda0078e6734056322673824d80240f0b822329de664bd28a95037e28065ff618b19172548acef679e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b110.TMP

Filesize
48B

MD5
92cc960deaf57ef559d480b6c035dc74

SHA1
c24e25f157156e870dba70171ca41b64ac33bfdc

SHA256
61f1eb69b1d1697c44d09755bd75cf0d4745e892931eac31ece956a4d41b79bb

SHA512
9e5d8e069578b967888a3c57ba54b1625434e6931ee7b4738dda2ca079ade69adc1d11082ad6e421f5ba9525f5aadbf44f243e1d91032db23f06828e75382e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
3297da41a13f362997e6a2254aba28db

SHA1
82c69d1f588e4ac0a11354e39224bf23d045a2a6

SHA256
978cb373196d3369f18832cd1795d3d686ef39b9d853e0f6c07a0fa0c9d8cd88

SHA512
48c3bd32b23c7a31607809cd88f3990857efb76c668fd52a6068ee30314e1048de49899c2cd37a5af0232be816f1122d146ee489b6cc05bf79decda09ea1d1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
0edbc151a16a21a359c20d0661c77aac

SHA1
a4c45aa151d56ebe59417993d03b2d0193bc38ea

SHA256
f70b3f4133f4055ed9b7702def87e884e4847f7a886745b968acea537deccccb

SHA512
29061512a8017c1308aa225b87b0734e5b0b542f4672a1ac804120a6b688975b2b948035ec78d8e957e46ca7b8757e24874e38311af7590db9917bb7122d51f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
927e8b40cad538e2e023b08066880a73

SHA1
1a62e7dfe1fdd4ffca84a13a649adad12022cb79

SHA256
492e38539b46aebe01c2372adb65b4b89acfa9693409a34a3bb09ee42b15129f

SHA512
05004d2c3502fb645bf153493ebd6a197c9c9dac0cc988f271be29940e21acd2975180beef8c551bca4348a5b50c50831b6850eb0ad5694d760c8b0bdb6b2a3c

Download Submit