hxxps://bazaar[.]abuse[.]ch/browse/

Resubmissions

20/04/2025, 02:24

250420-cvxmestkz9 4

19/04/2025, 20:30

250419-zaay9at1ay 10

Analysis

max time kernel
900s
max time network
639s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250410-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250410-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
20/04/2025, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/browse/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133895894858200228"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5456	chrome.exe
5456	chrome.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
5456	chrome.exe
5456	chrome.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1640	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeShutdownPrivilege	5456	chrome.exe
Token: SeCreatePagefilePrivilege	5456	chrome.exe
Token: SeDebugPrivilege	1640	taskmgr.exe
Token: SeSystemProfilePrivilege	1640	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
5456	chrome.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe
1640	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5456 wrote to memory of 1772	5456	chrome.exe	81
PID 5456 wrote to memory of 1772	5456	chrome.exe	81
PID 5456 wrote to memory of 988	5456	chrome.exe	82
PID 5456 wrote to memory of 988	5456	chrome.exe	82
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 1272	5456	chrome.exe	83
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85
PID 5456 wrote to memory of 5156	5456	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/browse/
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff911b5dcf8,0x7ff911b5dd04,0x7ff911b5dd10
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1956,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2100,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4312,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4332 /prefetch:2
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4700,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5452,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5884,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4716,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5204,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4648,i,10668044874747129229,16559643947805908546,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5916

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:764

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1640

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cfd27bd901e5e8d9c991471a17edd031

SHA1
daac1939e598c322397bbb81fd260e30d20e3060

SHA256
30998f957daee4d90d0dfbed8b8b5ae8313eecf934b5568dcb8518cde7d8badf

SHA512
83916973dc31805d7ec1b64e74fe28d689979cde99b362236592eb18caf7a9a76bbfe614a8a1db167008e0a64a663e52ea312f0a5124d04771448ae8c4e49906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
df718e34f5253df3d0b9606b8ef2ff31

SHA1
df95486d48f51a9011a2cc179659ef82651ce6f2

SHA256
47eafff349affa0c1380767e1d2b90ae68feb0253e952b7df566bd927a8da341

SHA512
afd02618b83d8352cbc5127698ba631d3b67d99fc754ebffdad1619f1f324f882d7560ca38840625932478905b1117e363b351d9840cc6afb13968ff085442d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7b68f6045ae7d2010d7a39a075064888

SHA1
a27d041a933254ffccd00e9a0d3d8280661cfcc1

SHA256
859afd9b595e63bba57b84ead764b3c04de3b2a8bf8a0dd0c68c8d98b5722831

SHA512
5ef8555a77921280d15c744f188bdab791a36301bc2bf3e6fd08ab241e9e686f112dc120609ad1297bc78d632f5dbfc0bcfa7e2c9052903dbde31fba04684c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe832659267277a4da96777bf7d10798

SHA1
a9551f9dcf442941ae31ee834bb521be4cbda67c

SHA256
05842abbf43079f45f8558bf8937e16ddc282448ee971577e8a2cba5617184c4

SHA512
eba9fc0a8bb4340297d58bdf6a29c4ac0e7e75879c1111e752b04cf2fbd19b87ece8f650695bfeba048c5580d20f9bbef57edcba601a7cda785fda8eca625e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
64423e95b575c5f25ea0a19cf7ffeed5

SHA1
49ad449b9c8ee6abde6793ae99e2b9b273686606

SHA256
14a2559ed7b8d95d2faf705e63d455778ae50c8869790e5cbefbc2b4a3ab78b1

SHA512
c83b53d8c3cad2392c525e3a67fc44baa348c6932c880ba508777e52e6769feb6280577802bd0148261104309a4d764c14fdee0bf0e4cc35f2b84b1294406130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbeb27f6d0b424d47e13086cafdf8f76

SHA1
13b35442a9a3e87d00078102183ae1c61653a3e3

SHA256
103b2b34c850350247b9c8a1d5fdadb7bac4aa743400bd0a0112f0b6b10118f0

SHA512
467fc26b1f4c5545b5bec8696e6594e65424789bc50b0df431de6f4da28613782e4ed2d9a537e67c5805a97353a231f176df57dd4cf11293dd3373a16273c870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3e952868850b0962b0a301607fad3cc9

SHA1
bb0f536ba5868bd052cefaf6be309f43302b4a92

SHA256
f790dc9a3cd560598dc09d762f9d68247e813eea8719f52ac779cc801fa0ac11

SHA512
fde6d42e2bdf68f52b917d243782a8b0122b2301bf63cbf80c8c2ee1459b66d929f21684ba41797a9b9ea98c212b68c0263022de8027009d542fc5f5b520c1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
927cccd2e817e680090c378c61cb5fe2

SHA1
a94cd28602d89dbe57e53daa068d48afdbe74472

SHA256
34b1dbed5f77b446992adff70983eaa7a1209994294c30be3106f83aeb8d1e9f

SHA512
47e7d415feb479404f08a1ce779219088372802f080f55f26990add5e5eb3bb745476b07c54a203f1de1042a7af3fd3b8e6a1f3831538cd5ba841fd6405d34ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b98c.TMP

Filesize
48B

MD5
107d01b7fbf2e2d75f3a1cba4229acd9

SHA1
d48558188b17333c2debe77069f5a5d674909b2d

SHA256
ed2fa1d488a89e29c2e63ed6bb562385614a52b9f695fd21f4d4978867cc36b3

SHA512
4a8155a763fe24e47bb8cc56201cce03766e85547e6313538b3db656a5fb8223ae3ce4e937ef0c0d5a6f096a644e124677b74edb8fa229cffe5fd635ee266448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
be3a53e45f3794d21d9b80837dd0a0db

SHA1
fc747af7b350abe45e6c91c4bf13579f14ee685b

SHA256
d3530f32a4ff5bd86b829a80127e3218301a6984bf5fa7959393991dab4d6681

SHA512
0b10163f4d05d711cfc19d66cd2df672fccb24bdbbcd0c2fcc73e9ef7746c94e6abd8bb57e042d4492f72a50abdd8ea5f92d69bbc46551562b17d366ba2535e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
5907fe0987ffacfe355d896209d26604

SHA1
8e8bdb6a3129369015624521fca4b4d1014bcd33

SHA256
c5fcf23b895ac92f1b7921744eaa2ac26477daebfc26c68a0e72013ff81c4fe2

SHA512
b0c4511d17d022faa59e5a74afa26dd548be32cbab512d72f0a19eca256c070d0ea6eda720436fe0d98623429562fa01ff268fe2fc04a8c1cdf50d6ac8e8b9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
b515ed6d1569b7d2fa841c3b22f921cf

SHA1
9a0df6c6ebd5cab097835e4af2b646e1d371d811

SHA256
8604932b19fcaa4725cdaeb45ad88cb3f56cbc1abb1130d8185dfc988c530257

SHA512
4bc9622edb74bf264b7081523a42965918092827c1ec5c381fcf84dc536c664e575326ffa10b842dec4bafb7aae49aa5c5288d66dbe57b821f5c0509d9bf01c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
2ef521d2bb1e707e0c25b30d8b6d0a83

SHA1
8f2663508a50bfd5faaa43f09f5d90db5b33a249

SHA256
4bc2b7b1eec33ebc42baca24127c8671b938160b7ebf44f22b71cd7d3446415d

SHA512
eafa34f3d1161ff3c65bb3b7d962134d66ffdf2d066fc104ffaa7c0736ebf42e82d3096d6c3cf83b341d8fdbbbeadc6c07abe75074f51dc9b4a993f6f6f72897

Download Submit
memory/1640-183-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-179-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-178-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-177-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-180-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-181-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-182-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-171-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-172-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download
memory/1640-173-0x0000017651A30000-0x0000017651A31000-memory.dmp

Filesize
4KB

Download