3c4b87be8450e3120b7ad2b11ff59850950beb39906dc1636b3ee7b6390f2086

Resubmissions

27/03/2025, 20:13

250327-yzgmnaxwav 8

27/03/2025, 19:56

250327-ynsksazjs7 10

Analysis

max time kernel
278s
max time network
286s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chrome 134.0.6999.14115.js
Size

1.3MB
MD5

e276013cd57428820cccef3b09456fce
SHA1

fc4202cf424ce4084ea5cc98af0b0e164786beb9
SHA256

3c4b87be8450e3120b7ad2b11ff59850950beb39906dc1636b3ee7b6390f2086
SHA512

c3838300e48ccf8f45cfbb691f968d7fcad86fdc289f0a93e4caf0972563d682cac1c72253d5942439414152e5a3219fb77a5e496718d763f8a0a0f82c524f8c
SSDEEP

12288:wum1wz4FL5dM2f8f3ue1wz4FL5dM2f8f7:OCz4F9dM2f8frCz4F9dM2f8f7

Score

8^/10

discovery execution

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
31	6072	wscript.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875800136708090"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	notepad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	notepad.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	31	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5088	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
4544	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
4032	notepad.exe
4032	notepad.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5088	OpenWith.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe
5180	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 4688	4544	chrome.exe	91
PID 4544 wrote to memory of 4688	4544	chrome.exe	91
PID 4544 wrote to memory of 4664	4544	chrome.exe	92
PID 4544 wrote to memory of 4664	4544	chrome.exe	92
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4916	4544	chrome.exe	93
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94
PID 4544 wrote to memory of 4224	4544	chrome.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Chrome 134.0.6999.14115.js"
1⤵
- Blocklisted process makes network request
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe4158dcf8,0x7ffe4158dd04,0x7ffe4158dd10
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1560,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1940,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4276,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4296 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4704,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5428,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5620,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5800,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5680,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5516,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5816,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5828,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6060,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4824,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4900,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4796,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5452,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3392,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4888,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4412 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6300,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4768,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5984,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6572,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6260,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6484,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6120,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6808,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1104,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6252,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:6876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4624,i,17323609103583911370,9823399239669068898,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:7040

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4492

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4032

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\malware.js"
1⤵
PID:3808

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:5684

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5088
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\malware.js"
  2⤵
  PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\malware.js
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5180
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2020 -prefsLen 27099 -prefMapHandle 2024 -prefMapSize 270279 -ipcHandle 2100 -initialChannelId {d7a43a07-5142-45cf-9d6a-f089b3f67533} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
      4⤵
      PID:908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2500 -prefsLen 27135 -prefMapHandle 2504 -prefMapSize 270279 -ipcHandle 2512 -initialChannelId {89f0b312-b8df-4078-a0c2-8bc489101bb0} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
      4⤵
      Checks processor information in registry
      PID:2940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3924 -prefsLen 27276 -prefMapHandle 3928 -prefMapSize 270279 -jsInitHandle 3932 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3940 -initialChannelId {781ee859-6cbf-4088-9c2f-e8375020f70b} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
      4⤵
      Checks processor information in registry
      PID:2324
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4088 -prefsLen 27276 -prefMapHandle 4092 -prefMapSize 270279 -ipcHandle 4180 -initialChannelId {22979424-7740-4471-940b-7051229050a1} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
      4⤵
      PID:3912
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3080 -prefsLen 34775 -prefMapHandle 3084 -prefMapSize 270279 -jsInitHandle 3004 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3020 -initialChannelId {882eccb7-5d79-467f-a919-c396e47965c5} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
      4⤵
      Checks processor information in registry
      PID:2600
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5084 -prefsLen 34905 -prefMapHandle 5088 -prefMapSize 270279 -ipcHandle 5064 -initialChannelId {0a411f37-1ca6-4573-a474-1826caf01409} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
      4⤵
      Checks processor information in registry
      PID:7076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5272 -prefsLen 32793 -prefMapHandle 5276 -prefMapSize 270279 -jsInitHandle 5280 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5288 -initialChannelId {acddd320-c790-4844-8466-4042f55a2515} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
      4⤵
      Checks processor information in registry
      PID:7092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5500 -prefsLen 32845 -prefMapHandle 5504 -prefMapSize 270279 -jsInitHandle 5508 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5512 -initialChannelId {788d1f63-a4dd-42b4-8425-bfc2626d476e} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
      4⤵
      Checks processor information in registry
      PID:7108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5452 -prefsLen 32845 -prefMapHandle 5448 -prefMapSize 270279 -jsInitHandle 5420 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5500 -initialChannelId {6cac3380-ab3d-466f-b7a0-34dca8caa87a} -parentPid 5180 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5180" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
      4⤵
      Checks processor information in registry
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7af81186fb5d4b0210ca020cebc84bf6

SHA1
7ac65c1566c561735f521ce1514c25dda1c41f83

SHA256
f0001e0108db571fa4b84e242f185e32b46b9c0094445c9b00526b450310cf7f

SHA512
b6153dbcf695d2260ecd2265d26c146e627529c5712697db460eb9f6dc2924cb7bddf15ebdb6c4e2ad041d8ca81c0ed2f28d3be0c7fec7c045cc097b0982a474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
025de3ec55f3b79fd958e83d68092c96

SHA1
37924e2210570e5cae7af2097be5ecc56e9fa9df

SHA256
99f898d06246205292532d563e9880adca8483d4373517b9e41cde908bd6d15b

SHA512
5fd6cafa13de2741fbb4507f99d832ab49d8941e1e820aa81c981e7cce68d80623fa2550c9992e84ba37604cd2cf44b56dc41d9ee0a3da909a33644356022c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
f32cd574c407603a4ef41bedc711bf79

SHA1
524bc18f68261e9426cd1059cd1245f3bf6f1cf9

SHA256
b2a1ad10b69db6cb4dce43126522aeae803746cbae3822143a9b62567d3d1ea3

SHA512
c5af99899b374e846472170d2e2a69aa61f78b11babbc739d410c4af4bfcb8340ab6788bdcb094eff288e1a8ebbd97dc9930dfd81849acb3805107717f0e06c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
abf8e97812d3e301923e3d6182c33001

SHA1
ea7191a670829aabc92bda46fead29d8a2c18f92

SHA256
b2ac290f2ced71068c13d1db39a59a15447f72015715d808b346b0f5d2ea4c02

SHA512
95729f7b69bfef19f42f76b902dc53a4ddc1022ff9827970b8768f57267af5d2dc75df9a65fdeb6b2e7282a5d99b7eae433ce4a5e32dfe30dc98bd03d201a6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
35881cd332b8a8b9ccde902dfbffaa9b

SHA1
f361a3fa0cc1d3ab9cc0528219f555b22af10502

SHA256
6052635aa7e3394ec4ad3082632e661ac67de085d5f624c44f8f83187fc4d41d

SHA512
1a74ad359c225a3cce73b550979506033cb5f6f094bf4107e3f539c67535b557ca0571640e0a57b4122a29057db273893bc88056987037426603a3de20d94729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8620ab2fe895d25f9485bedc34aebba2

SHA1
3b2f811d6e90d19a95b63d9cbc858a41466878dd

SHA256
681646b0dde480916cd948649acda60bca209d755bc51bffa1a723195da7df06

SHA512
1a08b4e73c939f2e2b5491c816eb19151822d5891ed3c111dcbc3646fd2af1618d1e8dfa604ac8d7c60bd148334d08dc01b1f61d69e3dcf7d4f3f20c4754d897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0b21ef646f1368b36bd3247553e0a9e3

SHA1
aefbcfb367def405a51be72ce687958a585a7016

SHA256
f6e6f64ea5c1238d42f3be070ee5814d5fa0a65405cf28f6dab89cdaa9e14799

SHA512
caef597d05aa8d8b71a1786cfa5557bd81929ee4af01bf23fe4c7e2ecd45d03ec2115dbac5a1c2900d17e1f0eb5a7b46d869288fd3ce02768071ce92d6f78ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5c590ce5922599da9473803a01860f96

SHA1
422c5a6a8879d229997bcb605611339b8d7843af

SHA256
156ff5715eda53a7f3b28f6de034f1e47e949c95d7eff68e8bb449c9f779b786

SHA512
c53cad81b65ba708983a2a47e81f71aeec1e69f6a18470f8d0be8c2433ec5a772a63581232df9e9df8e967c56afc503a6855cd7a9b789472235d78d5d816b14b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
60522164bfcae1cabe50f1ee7a21ad14

SHA1
d8fb0cf741b08ab384ee466486337a96b51c66d3

SHA256
e1f7198a89e2b78b29240668071bbcaa7d16505b87cca21f43367a98da9f676f

SHA512
3790dd40df75353ed3903574a322ddaaf2aaa83fa9b0387577df5595111bfeeb7f264af9decc7b75bd2c2f0a7f58b811fd80440c8883148c890d6d8d1f60f35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
36be3ab610ce0b088b1bbf5bcb84c0fb

SHA1
d9bd144871ce51a4f78bc4379b5eac39f607b5b3

SHA256
2f03c75df132978369e03aecb17c356abbd97312501b6ef607825c90c7566408

SHA512
1a3ad7dc186e0edf2e98cedb5ebc1887f076c980a8af6efb1a311c5fea2f9166c6595489bead5851bf525b86fe01ad76f7e07868d0facbcc3ec93e657107ec9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
749ec6c9f7825930fe4a7cdf2b105b32

SHA1
94560917d3c31ba11f541397c581c63d88932625

SHA256
98c28be82a8d0a848955a7877be98f72427b97ac81eea6b60f31e8e4545847a1

SHA512
53cc5db42cc291d6a890afa478ccf66b30bfdde8cf1e5628875826d1a24c7f4d4a40de3083006544d3c7dd52a4bfb04b7a7867fe52ee4afe437168252f04d074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5edb3c7a66ecea0dc73e0c381d845ca

SHA1
12379f9743337115edbef199371d4b913ed0e611

SHA256
89d3730a6a29f79fe4458e69adf3bbd2f84f036d50632ab3c7d4aa639cf76c21

SHA512
07bc88c9e6bd59e1e513bef2f430551a3ee80ae1db081baf1cc95db01cc97507ebf8d9397bcc02b4eb475467293fcfc8c8f9784b1d281c35222f807a3d86e722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6e8a916d44f34b3322487e2731bf49d4

SHA1
e331b3f1cfa3e890823b4f1a3e25c7b4fe893311

SHA256
453db75b9087998495b525a32f7598d78fc3468b4cbd858a1aae17803efda511

SHA512
233ad8a72bed6be2af5dde5a1359c3e28056e4b4d4c9836884cd7c36f3bc86b7cc685761b7b6f3474a2540c5493744b2884c56c6f750079aa8b9f1c1c21bc938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
290c98e75cbdb02c68b91955222bf33e

SHA1
38cf94bf27372598161f6ccf67cb74ddaa7fb268

SHA256
ab9bb4dce268cd89862f1bb9f21d6f118ffa729bad7610568bcd10312eee32f4

SHA512
2930c9e256cc882fd9aa9ec9f3ebc6e31f7922401a75f5d69673778ba873120af3f4dbf36f5493b28012bac63e8dd9e7a3d9120b16a3a28abee4b5e36781df8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
be6af5e28b9c98a4cedf5fc12e61b2a7

SHA1
f5ebdadde5b3c417ef241de588dc20b70b635f57

SHA256
de1363d251721e2e4d00fad879c4ae9d626763e9a0e7ba6e51a4e7684b1fc8d2

SHA512
9e7e168d4fe7559636b6fcd654a9f8241f34586947869f32258a0d8464adcde5da502e63e9b7cd5b857692d923bf1d798eea30111b6ca65eae1715274e8c9e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
9a7bff86087738b2a1d343df51ab35dc

SHA1
81cb88d2d1aab8d9759734c128ad4533069aa508

SHA256
0770a630d08b858ef7a49598eb29710040ed9921afe4b23551d3c4d48ffe2555

SHA512
debda2290469b10176b0aeb8823d84a2bf60dff27830a89e070fb6b66b838633ce2e10628d6d32198b661fe8446f4d11ed663193fb7208c6e379f203b8b80b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
31bcf74882b94fb4dd4fdfe9f74d6204

SHA1
2f0f5f4d665f5a0fa6116ac77735173efcb221f1

SHA256
d54c2604a638132e7a1d0ad7b7918a5b0dfc6d828b2158a0ba2468b10593e90d

SHA512
c20ec32368f328c0aabefcbcde3caa544275497653ef14b6b22771aae6c7a1c573a646c02ec6a50768061bbaa3ae299a7e22516134f59a020c60045bb0e3221f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1b71d3525a1d89e2f054cc8284efcb7e

SHA1
5f0c443815eee0bde99b812c2e294c7e2a819088

SHA256
2566d6cdb330007b8d5ef203f5dd4d9b2a32fc28d2769270dddbe4054a883cbd

SHA512
25831f14f69839f2c155122407d5c58f8b9ba87c8042fc2824d8a081aeb4db3e2a34ec219eaa834a784fd1d069fa31b335b52865bd1d13c20300e6104bc988c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
244b0f6dacaa7706f25bd931229f9785

SHA1
aedf7ab19675f1585332863184063e8f42e4a763

SHA256
7b73cbd25f0e6ccd6fca0463834df4e05fd6b29c5d4dbdc4040312456a85a41e

SHA512
3d1b9c460d1bae64634288e8283e3e59346da84d48d8c84e9074add0192db5dd93f14be2fb2170f949435474398dcdd2f814a9357bba49eedfb45ee282ac7c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a5c5.TMP

Filesize
48B

MD5
7feee04054a7e382442c55fc35e30cab

SHA1
30f4a6f0e82570e68b038817f14d30e428f07e11

SHA256
60bf8a84a9ecf1a8e0ff77e80da26205c341b982ff4847336a0dac9e30abb130

SHA512
ae7ce9f70adacd39c8bb1139836102c2b0b56ca6890443aa309afe1a7ec6d347c356a01f09736895ed384507185f1223982795ff4df8ac01b1aa91d2c2336151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
c7ebef555f56d1736c7c9c44e4f96113

SHA1
dc29b72e44b8636d1480b2dcd6ff47a4a32c89f6

SHA256
9ed94eb43e1f10e6d97fa90c490daba826927f43e136d09618578239b6d180cb

SHA512
8c5ae52eea5c4418573423f206a1fe591edf5e6ece6bb7e8264374acd7d4270d99c69478be35c48bdd50a733c1b1295db3821ee9251db7a4abf70b98252321f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
69a03812d887d442138dbdede0445bee

SHA1
b6e21ea5647bb28b8a99e3d618a9d29d3b849b43

SHA256
efc8a4b398a047cd37a15ef8f3e1a4a26679d3ac0409a1aaf61d7135e21281c8

SHA512
e35f2bfcb366b9728b859daa27e9f0c81041f2918737f7ca3f8dc3ff14e7c0e05e696c8cea6574f3fe8c4bfbc2c2a7282f4e2880987b5a73df2946ff44012771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
c46e71879858daf6c54f155d12621ded

SHA1
06de4dcd867652f4e96201d951f9668794efd493

SHA256
d14e28c5fecd84d585d7034743e5b1f3498101e14cb2a186e1d756b4c33b8b2b

SHA512
7ffd9c24eeb593b940f21ad3956ac9f2128dbe1cda19048d458b2a2f57f86508520d574bd67325c18a49eb448972a9ab47949d69152a3920dfb076efb76c8bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
b53af19c405b84f37fab25f9382fb16a

SHA1
fdae4a5e4a5c3e0997faae7299696e217d44a3de

SHA256
50e606d6a9614aefbb296a771e9994461178068cf2c03364155ae257a579c138

SHA512
b3cd7517f071b5545618cee27453f62934520fd3927d512f7f5d3ec7adeafcc1508a37f2e50ee0e6b6c3d153b89ab6e802b294fbfec82de7f7ffaabf9d92dd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
be741281996254d0e2cad1e1658982f9

SHA1
f428e53d897d9c16b9ee830e854fb11a245b8f4f

SHA256
5b3c7ea7c48106c765e4a6510a35410251e8401c6a7e0400006efc7211587ee3

SHA512
e33d39010ce23e71bcd05adbc673e0178cc1d5088bfecffeaa668b0ff5f1f7ce1ac6df4eecb9d61a05d06fdd968e3e6ea220e09d37ef550bca702b95b7854c49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0o5pj305.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
905ae87f242e3605a6a9337727f8569e

SHA1
f78c36dd7b6e901caa74942e7e042e17a8857712

SHA256
d9fbc76ee683ded1b11bbbf7347f85ed372f57a682ecfefdd060de05817a8f20

SHA512
d8979a77592cc38dcb13c3054183ec8fe9e7dde691afca1cebc3e2c491faaf78be114b2f046dff80faa5359ff857579162e4390f6079ee406f0a32e4239f2e5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4544_639933635\7783497e-7097-4d33-bb21-887112e15615.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
e8e3206b0d31a9a0298b4f8d00aee511

SHA1
0b28cfa3bbd6c7b83570a24b0decdea2d4572472

SHA256
5a4e7ff93d6a6217a4c0ee6dfeeae53662de0dce2b29d08100cde9ad865a6eca

SHA512
1c3422458d06b53a997c7c49ada1c76e5baceef96c2e86da509a4695cc8d3e1a29c3cf526d60477f3a1e22c6a3d23be8a94c6a50e9e08734c5af8e0bf970b93b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8e56afb0ba9eaf67b8408e65266be2f0

SHA1
1f87a03d02dd5e686ddef752e5fc7ff9edfc28be

SHA256
60ed21a212cee919e8e42d3110aed0b0cc73cdbe107ee8dbb2b25b31301f05ee

SHA512
a17be15004ba03d25c8acaa62d9f43f9b2224262b5368c271a23e8ec8c4d36b14a7ec28b9ebba5cdb3ad83f6d6605bdef4f13fa0b7dfe8e5c4aba6bec2b0f17f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0a4aaf9eb1d7366b96a16f9a71d4aa7b

SHA1
8e4b6795f3d5cffe771c290f9a1504cfc9f59048

SHA256
6e84208be4e6068e952694506ff90e94cd7aa45afddeb664413a65cb92ffe3c3

SHA512
c568be1d275508f5ab0d88a28bc9bab5999313986e8ca5f49d993516e4a1c7841938b7a71823ae4955102b37d4084da415b881b1f97ea602eb6fbcd567a35415

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
0c55ef1748da0bcf4fd5695846e27521

SHA1
02f43588cfb035ab35db7f22b123de96cffe6dc4

SHA256
656dd9ae777fd9be95c2da850e989e7accdc254b2a545f0ad8af0ac609e76559

SHA512
bdf93ca20a91228b9808a8d0b7cb26fca3c9081438dbfc3fb4be1be5eb727dc4d32333ee7c5d271e96958089a962af74c7c82dcbbaa03ef99a61e364a0102565

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
0f5ad3a976569ac652f1b3369c02acb6

SHA1
2b63bceda821e0c086c970eb045c8d26c03a9607

SHA256
c7c7ff608abc0202dcac510c660f7b047a1c0e23a2b8423a65b7d632e6a8db0f

SHA512
bd4157b0fffa619b49f9c1ad2c462ec3295ce0fe2dea3e9235361d78caed1d104e408df4543b66207a3bc62cc8a5f484d1237cec13091b9e8b7a8d7116cb3463

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\pending_pings\0ef7d99f-3db8-4d32-afc4-b8cfa4546a5a

Filesize
886B

MD5
f36306da1a0bc20e739c366f4b9adf4d

SHA1
2046d3128152a3f607d409ad314b8139e1045084

SHA256
979782253fc5ae90591f3689126fd6d598e09758726d21e8b1fb655d15906388

SHA512
10d83bada30075664f8d1daa379cb60fad693a31eaf97b25ff9c4d095189d7102eb2c5288389b52e4aa051ec3859fa7690ec18773b14f35bc35250f812e74b75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\pending_pings\20c6c7e5-cd24-4d53-ac28-805c89fabd95

Filesize
883B

MD5
2426d00ce08934d51db19cbd53a7b50a

SHA1
9b0111923a8fc2e648fdb8d4bb43bc4052b9ae7a

SHA256
3cb263c04ed8caa6300ff994c4de00d37b2fce7b9a96e4606ab198d8b7017962

SHA512
56daa21ce392205713cda0d2f3bf99888e54763ff0ad7e4fdec382674af54cf2eecb6dd9fe26fe9df1ab26f7f0550ec7deb6a2b6cdf4b778b50d74c679cb8514

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\pending_pings\423ba644-2cb0-4cd8-b0f1-a7ecdccf5811

Filesize
235B

MD5
6bae553ee778ea21170da3787dd4dcaf

SHA1
7040b9234f50e87381ab154f937f963e6b293617

SHA256
12457bb4603ff304102a7ec15463317afdd2928ee1b7bac09950e39baaa8e67a

SHA512
2725ad9e1f2d8c31d4085bcec4201cc414f007257ed24cd04a4c4299c6306c3971b7919d6c1f620dd38b849f7c93e65019a0a275c3aa2d8162ccd6d5bf4ac1fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\pending_pings\742f60f2-7b52-4480-aabc-c13e068358af

Filesize
2KB

MD5
fec6785fc007fd314261852902a8ad5e

SHA1
e1f11f86dacb81b7c3381bf7553b2c592b0f9e12

SHA256
e1bba6f30769ffaa339da9e90b558f23b92bbd57f8808e5f97639055b2b991ac

SHA512
a9fcb8181e695b38fa7e90015b2bceb0ec4b12ab0b695a9c3ce058d3665958e92716162a64132b12332d53a3231a0806470a285f11a026d3b16610623eda57e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\pending_pings\8b89e0ed-d878-421d-a2ae-53f1dbe8958a

Filesize
16KB

MD5
7c4b96d14fd1237758e5292997c095a8

SHA1
eb5bdaff84b8285dcbf5dbf8c0862e2335711091

SHA256
bd262c4a1834eda8901aa21b06db83fa6b3604ee8e7f00100b2975c27436e27b

SHA512
c21b5e67cbeda44d896abd68d8fcb187f054a6f3508d61045f438d5956bcce5becf043bcc2f6565f006dceacecfc40587555b136aa644e7865ef878f3e4e0575

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\datareporting\glean\pending_pings\e7a5fada-b3af-4726-9c3e-02af82bcea00

Filesize
235B

MD5
af7dd606a26f297b240c58a940585f37

SHA1
a6f4b571a034ef716c5d6bdcd9a15fc6218a680e

SHA256
a80454e9a3866f96afc575073b1391e34a2e80893434aaa80fa053c958536153

SHA512
20940a8103fa3b77362f2b66bb1daba0fd51e5043127afcf086bed1760348bdb1535c96a72deaf54f0b7c60c1255753ea28bc5cd1302ebe377925ff3a5f7cb16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\prefs-1.js

Filesize
6KB

MD5
1530fe2071ccf416e59bbf6dfb47eaf9

SHA1
2822b5d2df7f081b6a8794e3c06c21f359f59a85

SHA256
9d7029957c3d9543f3657e99aaf9858e0e7b1e4a8b8faf508d9c8bfbd4798cf9

SHA512
e4f9d884e6e7ac6ffdb58d2f18130a11961f61b49f505f867bbf1770d77e660a55d0c358062f5df188a8c9e07cc1bbaaf1af957bb53a258da35e30ffb5b1071d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\sessionCheckpoints.json

Filesize
228B

MD5
66bdbb6de2094027600e5df8fbbf28f4

SHA1
ce033f719ebce89ac8e5c6f0c9fed58c52eca985

SHA256
df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc

SHA512
18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

Download Submit
C:\Users\Admin\Downloads\malware.js

Filesize
3KB

MD5
7a8b60cba6d70de8dc426b0f553c3e40

SHA1
27f15419fea13568983d27d8759e3e18c53baa00

SHA256
d95da2389982c5b2db03ec079308d91dcdf92e18cf970153bae277829bc3bd1d

SHA512
c01b4c6e687eff0fe047c83dd20794e30ea0b354d60dbd835c0b7d0449552735e8e50e771682d80e67bb017bf78628268a0650903ad044a35d6265737ca0280b

Download Submit
memory/5684-838-0x00000219EBA90000-0x00000219EBA91000-memory.dmp

Filesize
4KB

Download
memory/5684-836-0x00000219EB980000-0x00000219EB981000-memory.dmp

Filesize
4KB

Download
memory/5684-834-0x00000219EB950000-0x00000219EB951000-memory.dmp

Filesize
4KB

Download
memory/5684-818-0x00000219DB640000-0x00000219DB650000-memory.dmp

Filesize
64KB

Download
memory/5684-802-0x00000219DB540000-0x00000219DB550000-memory.dmp

Filesize
64KB

Download
memory/5684-837-0x00000219EB980000-0x00000219EB981000-memory.dmp

Filesize
4KB

Download