vjw0rm | hxxps://pixeldrain[.]com/api/file/XR5kMSus?download?id=51ffcfc7-062c-45df-9ef0-6889176f530f

Analysis

max time kernel
300s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/api/file/XR5kMSus?download?id=51ffcfc7-062c-45df-9ef0-6889176f530f

Score

10^/10

vjw0rm discovery execution trojan worm

Malware Config

Signatures

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm
Vjw0rm family
vjw0rm

Blocklisted process makes network request 9 IoCs

flow	pid	Process
65	4352	wscript.exe
124	4352	wscript.exe
127	4352	wscript.exe
133	4352	wscript.exe
136	4352	wscript.exe
156	4352	wscript.exe
164	4352	wscript.exe
166	4352	wscript.exe
167	4352	wscript.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	WScript.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4344	powershell.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133862661971752765"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1624	vlc.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
1228	mspaint.exe
1228	mspaint.exe
2064	mspaint.exe
2064	mspaint.exe
4344	powershell.exe
4344	powershell.exe
4344	powershell.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1624	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
4860	7zG.exe
1624	vlc.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe
1624	vlc.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2456	OpenWith.exe
3632	OpenWith.exe
3632	OpenWith.exe
3632	OpenWith.exe
3632	OpenWith.exe
3632	OpenWith.exe
1624	vlc.exe
1228	mspaint.exe
1180	OpenWith.exe
2064	mspaint.exe
364	OpenWith.exe
5100	chrome.exe
3316	chrome.exe
2536	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 3460	5040	chrome.exe	86
PID 5040 wrote to memory of 3460	5040	chrome.exe	86
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3980	5040	chrome.exe	87
PID 5040 wrote to memory of 3444	5040	chrome.exe	88
PID 5040 wrote to memory of 3444	5040	chrome.exe	88
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89
PID 5040 wrote to memory of 2216	5040	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pixeldrain.com/api/file/XR5kMSus?download?id=51ffcfc7-062c-45df-9ef0-6889176f530f
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9496ccc40,0x7ff9496ccc4c,0x7ff9496ccc58
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4660,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4332,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5416,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5564,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5792,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3136,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5720,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5296,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3228,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3140,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3192,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5644,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6016,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3540,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5312,i,8309104457925862277,408576714272078841,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1108 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4740

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3632
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\01_N0TIFICACI0N_DEMANDA.RAR"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1624

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29075:108:7zEvent4865
1⤵
- Suspicious use of FindShellTrayWindow
PID:4860

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\base64.JPG" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\01 DEMANDA.js"
1⤵
- Checks computer location settings
PID:4504
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" x "C:\Users\Admin\Downloads\01_N0TIFICACI0N_DEMANDA.RAR" -o"C:\Users\Admin\Downloads" -y
  2⤵
  PID:4828
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\archivo.vbs"
  2⤵
  - Checks computer location settings
  PID:1352
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "$Base64Content = Get-Content 'C:\Users\Admin\AppData\Local\Temp\base64_temp.txt' -Raw; $DecodedText = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Base64Content)); $Utf8NoBom = New-Object System.Text.UTF8Encoding $False; [System.IO.File]::WriteAllLines('C:\Users\Admin\AppData\Local\Temp\decoded_temp.js', $DecodedText, $Utf8NoBom)"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4344
- - C:\Windows\System32\wscript.exe
    "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\Downloads\decoded_script.js"
    3⤵
    - Blocklisted process makes network request
    PID:4352

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\base64.JPG" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
be887411bc3cc6c71af9c05c37a593a0

SHA1
f959239eec1e82dfe91bbe32d8556f200e6bad1f

SHA256
5775df6b8d6592821507cf8d2e388a6fc6879a24c4d0fb4e5021abdda89fa4ff

SHA512
1a6bc6fa5da939923be7bbd731d46a92ae621c94568e26d457eb2045ed0b9775cde4b43450031d9911742255c5e880549fa58bce4677afa37b417cf0c603ca42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
1.6MB

MD5
e3bc579d4ab05d8ffa4ba9e81c917d96

SHA1
d2de8cbe37f4a4f3865ed3f5173c5295747a4c2f

SHA256
c7698d2550a1f281e9763c7ed8608681c682a77c3abe337a4a65c78467c01e44

SHA512
700cc2760af71d9ce8381716dd5180016b14cb2e546b8716f3124dbcff88d2fd745c70c8f2b9cd709a090e0518beba518ff77ee9f50f51f0f89731c39faaa1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
215KB

MD5
786c4894e2393c2a6df8fe0fd6aeee3f

SHA1
2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0

SHA256
258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4

SHA512
73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
8725c81938b218b9080a0d1b09e217c7

SHA1
d5b96a5441153b1daca433ae14f2b82d59260af4

SHA256
e097a3b533021f8def29c88af2a8324e1a8bf63589a6422dc5c595c462addf6c

SHA512
a5612ee3b76bba426dcb43f4d490531f8cda67514d4dec873cf9a0afb8c4421bbfad077762f34a10120040a0983d24e81ee2426efeb19d5ede610726ae7ed447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1fe9f7969d303e7558cee1a7abfcfc7b

SHA1
1b743f4d8ebb9f478034d88d98797022906a5052

SHA256
5f510d2d2ceac4d91fb4bf4a54d9c3a54f2fa923dc9eba644686bf45045d8b19

SHA512
cacdda0fdf5764f2d06c9b8671666c1bf0b92e3b8747e008a3b606bae486616b9a360d45929b00f628e367783cfedac6521e1c7e9ac5c6de71242403cc4abad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
236699288c31f56bdc061e0d01790fa3

SHA1
0d61d70235e140c32bd664e461572e46f3ac16a7

SHA256
3eef6e3c95f96d743837482d067e8f9029cbc95fec10849126a21340356d1c1a

SHA512
5d383f742ee659dafa5e98cb25e063c370ad1aadbe33286a4dd99e37a4c71a7f4f60ecb7b5ccab194893f6897b430b1df0acc95be327d7a6cb14ffe7725bc721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
27KB

MD5
89b40d10b907a07cce50353a5af83ac0

SHA1
cc8b5c481baf2fb0577378100f6be9ff3d44407b

SHA256
288f5da84f43a371d7d7bfdfd3a64cc703b9c70d7233ed48e0c4487d5ae4e7b7

SHA512
9c4e4d025da7cb1a9c35f84ba5a0675ee3b27382baeb58cb14ffd716ff8e6e2e9633aa8fb862a789d8756191a3b34a25cb7857d03d7e1462e52dd9eca91fe338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
355B

MD5
f7073e38a90104d63889add67098ce9a

SHA1
2fd87dc05b98ce4adcc2a11c1f838a2d06e30def

SHA256
265e1926e7f16b79d6c068038fb3d3c63cda2010087f1ba89a811151892daef1

SHA512
908d3dc7d64bf0dd1bccf4f289a626337b93bd0607d0efcf26aaa1f13f7b60f444e882a06cc0c52db6a75e881f104139d63f7a13e9d8c11bb274e30a42624386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
85f41b5fae596ebc2eabaa6867236687

SHA1
abba2f5883abd0123860e4870beb8e966e4c7dcd

SHA256
87443dfcf10eb22f7000186855acaccce8c8a50f090800ea326ba9de7b2dba4e

SHA512
f87d08fa217877f22ecbe11780aceb2a31978216e4437a80c7c7fe6d49c43f0079aa5d77fd65a22a03e1d15efcdc151836139509b69622e45083e54672549f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2cda9260409d9f98280b853fa89bf06c

SHA1
8e99511c42e5219aa528f1b47a42d72d09c17e9d

SHA256
5f4563c0015d7bda2d5aaa22b51dc2e7c8673cdb43498073aaa07ea212238251

SHA512
4a98d1f51e4be500700785168b3bc943cef34df52266b10a9278399fa5fe25060cc1ac128862f48b455566ce5eec181493a694bb3d4b8d65df0ba95c4a5607dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a14a96dd02121be734f67b578f320494

SHA1
420f8f8bd114fa3508342dc46f42eee3eddbcec7

SHA256
5ed3184e3b982b5e60c093329659512bd80cb3f94e678fb54d349f20620842c0

SHA512
7017245b06d47e9ef9eb33f2a6d1b9301bc0714a972c7d96c776aeb66778ebc7bcb5249867fb94752ab1f3cd5e71fea78f6901a84e3d5710d31be70f55ad4032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
98e66743cf758d785211b94859eac1a2

SHA1
39cab2f0e08bdbc1cf9f0aea7fccbb2bc8319821

SHA256
66e389b2bcb1e88d88b90c4c0d190916371a0e2f71cf000743c7b0f3ced83e80

SHA512
175c3dab0cce658e445de1a555f0185906c180d4f2f912047bd8c4598529867fed9d7d36501d271a4967b594f8bfbeee9b41ab20a6ac953abe19d7b4608dcc90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85ea66d96c35dbd3b8c3d33b81eb7692

SHA1
ee390654a0599d0936dca0a0b700096be0661eae

SHA256
8fc0b408032e93b3e24e5468b4074f3256a43b4f2af89d77f13c43fd0700f230

SHA512
daca2557939fc2c77140ae3f2ebd46d4129ca9875fadfa0cb6f3b964c9809c0e638fd968844e373afeb95d3ad07c2ffeb6bef3b3be42b1973c2b4385acb9ca3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
197fd3888b74d157aafe8c01bf896648

SHA1
363bd8f80c636df2db10610f34d152fe48608813

SHA256
36940d116e6b3eae6dfc101419322e36e6a2534907528346ebcda981035067a9

SHA512
a4105abecb50c3675134e25401d156cf8c2b2e37faf339b3fc332f49f6085381d0508390a7d3af9d68d860687502f11fe0fe63fc7dae35c7eda4d0fd69dc9ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e78f913d829f93394f3c49b8275e381

SHA1
f18ca6dce5f9b89e404878f18429ae9469827135

SHA256
f2dd1f48f21fef348e2e74d234a6aff1f4dd6390e58a479fbf55364eb7a4999f

SHA512
2939f6160cc533beed25aa56e52a946fba298f128efd8a16ca79927db75c9777ccadfc8d6b78622a7e0181ff70ec641422e606a7b805289fa64d7a7d7ccacc17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4b77b866be004e50336d9200f6bddd5a

SHA1
c93162e5245b738cc6217cc32d0c50e2927072a1

SHA256
60780c0e88918b73e04ea79af770c129c004bbb028ec77ebf759b6e79746cf91

SHA512
853433972cfbf0bd0720a52d824038306e374a077f703f3ee693113369d4dbddf7205dc5e12fb5c3364fece04258b361dd382aeb64b339bd959f3df65ff4edcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a0e0b7e6427e9e4bafe8d2844771eb6a

SHA1
bcd2f9a5c2b1b25ba42ef19b578a6e684abe8504

SHA256
c29e6e2cb96caaa0cfc3605231494801ec7a07ea2ba1f0d6e583a5cd087ca6cb

SHA512
1cb7ba424f060ca2a924777069e2f26fb71ff6c5159973f617ddb0224ad61619003219035cd674f710d5eac99acfbdade684b2e1df6486174803eb297d932012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
749da6354e8c65189fc363f34f20ff85

SHA1
9dd9bd5009f95546aa765b5c0eb35bf84bba12a6

SHA256
30000c8dcb236f729095abaa1c9ea8706bcee65c1dbac9f7d306a0276936f5bd

SHA512
8f04dd8fa9cfb7a8c297be945a4a7d122455b68962e6769008627fce7486b81f7fac23232048cc9e2f3917f3ded0544103129575bb9af051377390c65591d0f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d06ddb0f0f9bb3f4252f096d2cc9a3f3

SHA1
c0f5e8bd059751e07ce6d0ab057926df8bdafb9a

SHA256
e73d805daebbc81b33d41506cf0593934c59e79ea697535163a03998f23484c6

SHA512
3b237d6c5427baebb13efb4be597abfd7fbf515903377bb8e6e91f879fee58952a52644174d565c86fe40177175ce33baebef84fcfdd997a44cb00f55b565e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d0e1ee88bc0071371e361866516495d

SHA1
b9a387796dc274710334d2c25695abb8cbf8cf73

SHA256
d8790155d892b1d0feca850213c57dbfa31039492ac44b5386f21c4c37ea3244

SHA512
cc9323629b224c390c1e1247f3f9bde0e1481b8655bf496d368bdf158deee0e3b32d223c176ddd405857c5a947c44ae2107afc82fe03fa59b8d790f25802d0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68248adb8f34388b82a6670b539643c6

SHA1
021cde536b677fc4806e293d85ec4c25af43c03e

SHA256
25b01617b6e4d22a10c7e7a5afc16ba3b4d60f97f7e38c215bbae4e8b71a8cd2

SHA512
c244be25cc8776894931b8409f25a8b10ebf0c1e142a7efe4f822a94db9b7acf53f5821a4c7bc026ca4f31e9292982c31064e9dfd36c92d8617660e379eb8ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07a92b03ca172a51a32e73e52eab39ae

SHA1
b15a161dc9d18c2adb5cf39e09d652f22f14cae8

SHA256
a9f07adb05165710a37a8e2eff6cdf269c9f58bdc49b39e5d78740bf5d183805

SHA512
12b6c79a6a0f7c930989503c3d109d3cb0901380ea648669c651902ddb637ac97a53bb4cfc3efac7d9591aed9eeb0934f774c216d07c9d8f3103769f1ceccc0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0fa3936da00c23c77cf0aca297aa410c

SHA1
61465e407df3f5aef724877f332bb523ef3dd835

SHA256
212077ea6a5011e197feeb40f3482f02a877c26c5e27aefc59fe6ef7f1c9ceab

SHA512
7423671cc7d930c68d96849a7fb1bdb9f623806616532eb02ed59036c078d994e29d7ef2080536ad8e3ccd9b54ce3b467005775b64e820ec81697d7fce6c729a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d539dd76c31c95ae5443dd4a7f4d1a20

SHA1
08053399795ea8bdd2a2d2beb2e7b6bae5e97f28

SHA256
d3e816dc29f34be12615726b589bd7a49803b3d55c57119aa3c26af895beb8e4

SHA512
807d5ed1afd8076423e9757d3b503b3c36c53eeed7478550ed5a4c854c9b7069c90ba921e32408726dbd0d598357e062cf7bc74bce4d9505f6f67adbcc29fc08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7dde9c0d5fbd9bc4ef6ae50188d2d5bc

SHA1
dc26fcc30a0e7661c20ea062cb5a2bb460bce4c0

SHA256
2fd7b677e2407674f5a31454d164dfb481d464f08dac9fe8214251f08251062f

SHA512
88ce585f8b074b89e47fa3f1c0f3ea59e3f44afe0880c3ffb728f283a8378603f730496406aa5679baa83c94a538c88b2184a2ae343b7be0645e9bce2f3157d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4108cb055cb124236c6685de3fa1b54a

SHA1
ac3bf36260accf2130712b761b0db9fe437c8e38

SHA256
e7dc656df0eb45fb2f4274ec29ce81f9474a548377f4cdcb60ff53c0c44a1417

SHA512
abefb96ff26ad7225d10611630765f3aa1fe15c7cb3bcb16e9365372e9679036c56478882e0732512e7ea6a2a60e393dcfd5d1cdbed5f6954d5bbe62d4ff17c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
452a07033ef0db9cdba0b60ba5265353

SHA1
1ee9a86775244189675056a18ee53fe629d9f997

SHA256
8f623cff226203abe395e571c94bebe45c5a0253104c66bd461c735ac9eaebbd

SHA512
9cdce645a9e7a87a88bae57645968c27a89fe830e33448052ea986477710dd1b50a0cf99304a54b74a2bfcf50cc46684469b9617a01537479724b38eb57a647e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4e359338a0d0d48c85a1e996cf1621d

SHA1
6579a5a6d1922e937e92cf74bf86361ea46d1ab6

SHA256
6b5352c9d1e0536f9c8cc8a93dc399b43a7ee5d6ce47b01569ac3c2ea976b675

SHA512
f04956f2dc392c7b91c1428a579d1cd98ffa7f118abb83d46a3ca1a5b740cd1a95171ab14fdd1408899162b18391bd304f86c5a17661a1557bbe993e0d7e4235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e130574e804c168ff7dd2e13ce803ccc

SHA1
3c0a9ac019a8cc1b2c4c40b20ddc357cc2314ebc

SHA256
3b24edf0e2835e2d784f1e2d035cc6c266f40848ecf0fde7075be6856fb9eb4e

SHA512
76f8e3231694c49459968303c5c40336c1658909ec812302c8a1fefa62dcf97ec07407efe15d15d30f39dbb39f6a0845a0e793a81f0cb5894a0d992e60ad3bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55d5528e00aead84f35d4e3a1bdc628a

SHA1
75a34c3178a17986981c2b53f3de2b29887ac82c

SHA256
c4ce294e57e6d69f99573021b6e8d41830935f11a39bd635cf37e5d792625774

SHA512
df90bc04d0432969045fb7df123d9c4509bb29441f0080ef28f4485d36eb42be8d2e4abebf0c52f8f8e7cbc76f5fea313e3d3b408c201f34b90ef5401a0ec70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df3722505e35e7c85eefeb1577fd6fb7

SHA1
46ac6114d2334741d612b00345943ec916da7b5c

SHA256
5feedefff2b01184e75b6799984719c1b2faaa361e7d9940d962cf39a5996ca9

SHA512
6e4e9d299ddbbb32682b74c64511fcb7197f964df9fe3ee70444a359115ede49fb0769d5a44ca2f417ca7ca48477fbff91cbed06fc84f74ccedbb4948ad89053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ec9f8c93405073555fbf5154d3e43c3

SHA1
77d50a80b66c134ecf49fec51894d2973dc155a7

SHA256
9d56c94ea2dd46bffc8a3862208f4528400440b0f357a77b060379b7e730d970

SHA512
96df65df6970e0a8f2a820c6227a560fc820e1f9b0fbee93283dd2d87712485d91aaaa0bb18f8c9bad8439a635dbfbccc3a58ad419df9c039025467799833003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a8167d21b9bbb159fc8004985031ec5

SHA1
f3747cf001b116ace9e22f3b7c77ded852010205

SHA256
ce8eb7815c323d5e97205bc06e7f9613a4806674aa6a2f803a28503656c8ea48

SHA512
ab3ca877de4629e3fba77e5c3c4b33a86937aedc90cc8953ecfeb90c97a2a5820e6551340c0c61cbd074dde6801a5987a0ff8f065de660c3ebe84644c1b25723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80a204a11dd4f92a4450184ad82a9e30

SHA1
ab55149f2654ba35583dd9c7f87047f923175e08

SHA256
bf537b774e1e4ac762648e5311761341e35ddd7a7fe7929cebc0b1574ac64155

SHA512
d4cf6f07daa3b5c75220a82ff6054e0ed76949e605b66f57c5b8f887a6eb035e6427f55de8ea11f7714d36e2b599a1397934b9191d5b0db331b68674100bd704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ed5c89f64ecbec43628b05986f82203

SHA1
02fda5914fa9bb57e3dfd5fc6c72aaf720c817b6

SHA256
36e74695dae5b67bef97cde429e867547d452a11fdba73b9757587881397d441

SHA512
a74d081f8cb795dba50b14a972f801a4cc07cf14e84abd2e2d75f8f278491d995604500d74fbcb326a5dbc48599d5e8b2caaca2dcd6c7d061be87a12abec71b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\c253c3d1-c14f-4f2d-bccc-e709406faae7\index-dir\the-real-index

Filesize
432B

MD5
46d29bb4f475bda4ff92f6c4ba2d6d41

SHA1
6290c744ca0d08c0a42e518f22a09508b8c7ee98

SHA256
bde441bb781baaa338945f320841a5a9d52b347e69c068f86a034d30267b42f7

SHA512
51adea0408a428b29d93990899b43df57cd8240a4d65c4fb583d13a114ad7e89a323a9c0748b8f6cfe58057ad25c1b2f15924ae85438b81a1a9e386a59e57ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\c253c3d1-c14f-4f2d-bccc-e709406faae7\index-dir\the-real-index

Filesize
72B

MD5
d4c4398c7fdce1ca4ed0a65acda30e3c

SHA1
05bdfdb5cb8863e7c8b1de94b1d42123fc99f5dc

SHA256
b05277c42af7356ebbd701746edae9afe98963c9d919ec4c09bdade01b1163be

SHA512
0d26d75b891492e23816548c145fae911213903cdc839a7c4522774daf28528250d5397468ad57027835cd4ca3ab3b71e2bf5ee552a0342bcc40d653a67ecf04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\c253c3d1-c14f-4f2d-bccc-e709406faae7\index-dir\the-real-index~RFe5b9aa6.TMP

Filesize
48B

MD5
9b7b75f5e2b6b065d3fa565ca1a349d6

SHA1
c3655b39023d842a5fde6ef32bd61405d8af6661

SHA256
7282bf5f654cb231b7468038dc7102ee255da3307c37f45c2aa82bd30f8c548a

SHA512
583e2f92784b2b61a0aa222f9f2f6e0dba4d824eb4135afb3cfd040871a5505c685678a8b8e5a641235f6472d49b1018524d805cef3cfa039ac4eb208ae6ed70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
122B

MD5
1e68d08f2c8f117512edd8940395c08f

SHA1
7167688c8c336e32cf34fab864001f0e5c9ff057

SHA256
701740aa1f4c37d58322453ac3186c0ed9303b18d6dcfb4a15156df37216e8a9

SHA512
c962d89e807dbf727bf2ca39765624fe5781a938e50d752e9862e2c314137d0ff4ab228dc06140c60b0ad6e2f6a0a229b0d97aad00db1baa84eb53232663fa7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
6058aa8cb90b8c259bc494ecdc9d9b39

SHA1
cbcd7ccce666591987e31980475ff1ddee8eadf1

SHA256
6fe917d3fa541a876d6380aada28044734836b896a9dbaa7530d896ec51e4610

SHA512
11e0effe85a4cd509ca7d183b84118bd699c559d1a32b8087c8d042366d102b6a21a9fd9f2bf5bac508ffc01e9cd4ee053ae5882afc045d64ab0dcb35560dca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5b9ae5.TMP

Filesize
128B

MD5
2c6ee2c36f42ec90008376fa12c5115d

SHA1
acc8b85d2d1e59e6d7fb150162c4643fa094bc83

SHA256
178027008df4800e81c08d1ff9a394543eb7126e8c531e7643a1f856a1a64f11

SHA512
fce0172b42226525d10248d8e9527533d4f0ec32a5ce61c368c6b40d381908e35a0679eff61c617a031ee34b62851ddc4f60922056d36377bddbae43cd504b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
bfbf354c385171ceafbe208066c03499

SHA1
0aebe10dac15de7dcd9b7879c6f52fda559dee95

SHA256
76f924356bab38094a737cb579d495b41fba8e664b5e5a8be64d1edabf44405f

SHA512
360d91ed4ae087ca09b5cad15b9a9f35b5421574a121c6397c9883d616aec7a23e3c193c499c7b9669646bdeed4d6cf33945af0bd6c6b083c60302250cd73b19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eb4cc3a4-8840-4c3b-a1f0-fbda0da6c975.tmp

Filesize
9KB

MD5
5ee944c335ce0d03954757c754b50f15

SHA1
4fc761d088272e0cbfefb166bb32bde6118f5e41

SHA256
17273f72715d8f2134c81cc4183c5060580ce02c071f9498e061785363e00ed4

SHA512
99075f0d3289ecf03a832cfa61c24ace05257f248bea074dfc81543ab676fafab28de81041e91461e19874f5bf55106d1940d363851d95327bff3da0faebd686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
e441a0d1aae933dd31ba00819c09dfc3

SHA1
7c8bd7fc9289591c6a541cc2193650367978a6f9

SHA256
2f689d393d5d929bfb2490429cfefe61da677ddbc70eb9ad1b39bf223bc0245a

SHA512
666ceea8912cb24bee917355314d908556ec583458ce9e656966425fcf638fc6779247e44df4f1928cf23a525d2be8d79a7682cc723bdaf83598f1d98248ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
a5fe5091070d757051a494b9d5328fa3

SHA1
d917490cfb26f557f2feb8fd12a4d36a9a0b9f00

SHA256
c48f9b7300d54ec72494471ae3bf89d2eaef855a69f17e511f40ddd3c7eb14cc

SHA512
ff2472daef2dd14d73a0d0dc7c9fc56839658d31ae8793c8c0c82b45d598203ae25cb0be66b41ae34230cc8bf595b1176b7122ed6951324552ebdb1ea79bc801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
30f16ab0bc8d59c900c7e5df9334a55d

SHA1
84b92591ce67d031c0b5d87e5d1672f490f09c65

SHA256
b739282af4990e09f87bc9f3293b9aa169006f7b5d9392472716fcfe67a7942c

SHA512
82fc07d839cbb0e1f1b1537d87ea11fe25a91e865813421e1355f8a4608302cdfeaff3eb55604891cf4d03e0a7585916ef5d8c6a58ef3314e107e919cc0f23c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
7b47a8a5b8be68efc98ad1244a49ae82

SHA1
3f8ac4477f8ce4927bbd9b19401b6ebe5f6dabb7

SHA256
01327fae4b43a1213f75f517b961cbe17ef559ab7f50a4a215556fa381af7d25

SHA512
172279f3484dfd40fe46575938f0595cbbc5cf3b95a647b836afc017dc4bb257a06af2970d0ff2b370851e6d654bd6a8afa006d6ffa53918edb949d82d4ab792

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mzug0hlu.ocr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\decoded_temp.js

Filesize
3.0MB

MD5
72a22a43d606a6e9681ad3fd264a87e7

SHA1
95c6d9e65c1c730ebda7ae58d1cc2207e7d8bf91

SHA256
4d57e9f446f7a85095777bc2215060ca5fb6df34a45bafd2002c46f41f61b4f1

SHA512
6f25c3f726a0df22965b23041d5cb32bb0778ae1129cd74dffd270962dd68f32f784f0a9238f1088489c5cbc46880f1dc5c72a38199a10d1d668e19cd8980902

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.YY1624

Filesize
90B

MD5
db54da77f0544efad2d11eb5f0e08f0f

SHA1
daaa5dc69d19625e9187a6c976bac8de41cb8de4

SHA256
2f721a783e7bd41520fbe9d64efbd394b93f3f9651efad0d4f7fb68f747951ae

SHA512
e8c0add784121a142ce294c6d7914496b0b58167438a394f2a1884897cc34223dc91a842872c3526d72f6719556d63ce752bb6e3c61e6c6d7b6204a3143e3de6

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
b195290d2677e42ddbbca9436737e4a6

SHA1
6f04d1407144bf4df9c0c975956247f834b54625

SHA256
6678150de9fbffd0ca3d2554d8813cc1675580c985eaea1ce21a4f61c96f2d67

SHA512
99d27fdf5eef5507774329ce00e268ce4962fee2b06896cc86e65e4385ae1ff76d3e14ededf47d39612e2e607ca725e7551357e07c36ecd719678c5db3bf1f1c

Download Submit
C:\Users\Admin\Downloads\01 DEMANDA.js

Filesize
4.3MB

MD5
47c0c93eb1b02d7f97e971296add8dd9

SHA1
5690cebf28b43cbebada4fad4c4aa2f8f0f08066

SHA256
c7dd2fc14f5f177945a8728dc0ae9a01ff93b229801af9e55727901c4d8c4913

SHA512
f0a163a9f1896f643ff5de04908bd610c52dfd1e19e57d420b54527afbd27af4afdb9e51132b8f6a084fe273614eb2c14cb8ca8c7cb3014d5e502fa87c225b6b

Download Submit
C:\Users\Admin\Downloads\01_N0TIFICACI0N_DEMANDA.RAR

Filesize
118KB

MD5
6c0c94586f556d8cef440fd47f4477db

SHA1
b202c0463af3780ccda7cd533ee27aec89cbc44a

SHA256
e879206c8fb76bd189ed81ae00a3800f578c345366c6b5e37e9996ae1fd61626

SHA512
2b92251289b615ab9bf0d17440f0c835ff014d2453b492fe3995271d029a9bef789bac0fa5d1cebfc09a92e96017bb2ce3c0e40e07f379384b48595475052353

Download Submit
C:\Users\Admin\Downloads\base64.JPG

Filesize
4.0MB

MD5
fc93a408baa49ed7d41306c342caba2b

SHA1
92089f3b7ec188f8680282d21dacafc8b1868398

SHA256
3842adbd52e4b2fb2f67fc9c7c61275b2f5f5ad99606143a0d4765f44e1d570a

SHA512
5d89bacfb449aa3c275fcdc0ff102d3818cfee3f3cb17fa9b75135db550aab739737b9f09c86fd7129952027167c5a3f874574b31c632679174e4b7e7952a4a6

Download Submit
C:\Users\Admin\Downloads\imagen.png

Filesize
10KB

MD5
18c5ba104f4449f9e5c5e8a48ac5fd03

SHA1
fbcb4ca18105728a5d955975219746c5b938e976

SHA256
a7278e0122429d0154d07b098d18559c83ffdfdc0506dd486129d7a6e5669d6d

SHA512
e2e3e28309b4ebc05e175ad998c1cb63960cf21ce95f13fa9d0eb7d78cfcfd684f8a625b96cbc6507f9907d547564a20c89508111ab69604b4f75b492cd01fae

Download Submit
memory/1624-86-0x00007FF940CB0000-0x00007FF940CC1000-memory.dmp

Filesize
68KB

Download
memory/1624-83-0x00007FF9354F0000-0x00007FF9357A6000-memory.dmp

Filesize
2.7MB

Download
memory/1624-82-0x00007FF945350000-0x00007FF945384000-memory.dmp

Filesize
208KB

Download
memory/1624-81-0x00007FF65EF90000-0x00007FF65F088000-memory.dmp

Filesize
992KB

Download
memory/1624-87-0x00007FF93B0D0000-0x00007FF93B0E7000-memory.dmp

Filesize
92KB

Download
memory/1624-90-0x00007FF937320000-0x00007FF937331000-memory.dmp

Filesize
68KB

Download
memory/1624-89-0x00007FF93B0B0000-0x00007FF93B0CD000-memory.dmp

Filesize
116KB

Download
memory/1624-88-0x00007FF949060000-0x00007FF949071000-memory.dmp

Filesize
68KB

Download
memory/1624-91-0x0000028D468E0000-0x0000028D46AEB000-memory.dmp

Filesize
2.0MB

Download
memory/1624-95-0x00007FF937300000-0x00007FF937318000-memory.dmp

Filesize
96KB

Download
memory/1624-134-0x00007FF934230000-0x00007FF9352E0000-memory.dmp

Filesize
16.7MB

Download
memory/1624-125-0x00007FF9354F0000-0x00007FF9357A6000-memory.dmp

Filesize
2.7MB

Download
memory/1624-92-0x00007FF934230000-0x00007FF9352E0000-memory.dmp

Filesize
16.7MB

Download
memory/1624-99-0x00007FF932450000-0x00007FF932563000-memory.dmp

Filesize
1.1MB

Download
memory/1624-85-0x00007FF948830000-0x00007FF948847000-memory.dmp

Filesize
92KB

Download
memory/1624-97-0x00007FF9341F0000-0x00007FF934201000-memory.dmp

Filesize
68KB

Download
memory/1624-94-0x00007FF937180000-0x00007FF9371A1000-memory.dmp

Filesize
132KB

Download
memory/1624-98-0x00007FF9341D0000-0x00007FF9341E1000-memory.dmp

Filesize
68KB

Download
memory/1624-96-0x00007FF934210000-0x00007FF934221000-memory.dmp

Filesize
68KB

Download
memory/1624-93-0x00007FF936040000-0x00007FF936081000-memory.dmp

Filesize
260KB

Download
memory/1624-84-0x00007FF948F30000-0x00007FF948F48000-memory.dmp

Filesize
96KB

Download
memory/4344-229-0x000002B7CC7C0000-0x000002B7CC7E2000-memory.dmp

Filesize
136KB

Download
memory/5012-167-0x000001C8FD620000-0x000001C8FD621000-memory.dmp

Filesize
4KB

Download
memory/5012-148-0x000001C8F4970000-0x000001C8F4980000-memory.dmp

Filesize
64KB

Download
memory/5012-152-0x000001C8F49B0000-0x000001C8F49C0000-memory.dmp

Filesize
64KB

Download
memory/5012-159-0x000001C8FD500000-0x000001C8FD501000-memory.dmp

Filesize
4KB

Download
memory/5012-161-0x000001C8FD580000-0x000001C8FD581000-memory.dmp

Filesize
4KB

Download
memory/5012-163-0x000001C8FD580000-0x000001C8FD581000-memory.dmp

Filesize
4KB

Download
memory/5012-164-0x000001C8FD610000-0x000001C8FD611000-memory.dmp

Filesize
4KB

Download
memory/5012-165-0x000001C8FD610000-0x000001C8FD611000-memory.dmp

Filesize
4KB

Download
memory/5012-166-0x000001C8FD620000-0x000001C8FD621000-memory.dmp

Filesize
4KB

Download