922e2abfb89a6293226f43f8d74cc8fcee3feab90d6c18adee713b8dcba2f769

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Actions & Stuff 1.2.2.zip
Size

32.9MB
MD5

c27f58b29193f35a9c6938566553bd76
SHA1

a3396c0a3d5966181f670a3103d7067426c2ad8e
SHA256

922e2abfb89a6293226f43f8d74cc8fcee3feab90d6c18adee713b8dcba2f769
SHA512

9b99b563777dd9e6191026c0f3b8acb1bbac31bde63fb4cc80d45a82df7b45370dc8bd4e5b4ba9449e95ed6f764df6d36291226f6fbfbd9d8d61738ba612daba
SSDEEP

393216:Ln0+6njihuNNp9q2/sqUpg6RwgIC0ru1VzgW6eBlVZIH1nSHBQNzg8:L0+6j6sp9qPqUpgaW3rKgheBF8NSHSN1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876086092026957"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4684	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe
Token: SeShutdownPrivilege	4360	chrome.exe
Token: SeCreatePagefilePrivilege	4360	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe
4360	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe
4684	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1892	4360	chrome.exe	113
PID 4360 wrote to memory of 1892	4360	chrome.exe	113
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3868	4360	chrome.exe	114
PID 4360 wrote to memory of 3896	4360	chrome.exe	115
PID 4360 wrote to memory of 3896	4360	chrome.exe	115
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116
PID 4360 wrote to memory of 2528	4360	chrome.exe	116

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Actions & Stuff 1.2.2.zip"
1⤵
PID:5624

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffc0d0edcf8,0x7ffc0d0edd04,0x7ffc0d0edd10
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2040,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3436,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4496 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3240,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5556,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5764,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3096,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3932,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3512,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3252,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3432,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3464,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6036,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3936 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6060,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1584,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5940,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6052,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6116,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6336,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6356 /prefetch:2
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5604,i,14695813977062269743,13926293070367686067,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:640

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7cfe339684a27b31e43722f076d0cdbe

SHA1
dc6b5b4ae850185453cecd8f3917f9962a10b040

SHA256
2c495924e84cb7a503ad7fc3085aec7a8a6f2ae0503f06333c388f7757ee7506

SHA512
d195258e9391bc1c0d878dea9cd6700ed40bfc11dc5c558e5307fecceb81aa774cda3a521c3c0edf5f0f1fb82258a5851889b50d589e3c0970cef0db52c0d5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
d93b6b732c7fc0fc95b9c44f79cd5cd1

SHA1
5072b541531dba76f59eaca2fcc86f806f407d99

SHA256
4fda300f06d772562ab31a60fe7310b914f68db47804dbaa62fcc63b79a3448d

SHA512
f90b028802fe54bb09e23adbaf27e50282970d59a2f0d4891fe21539dd3be0fa83890f2fd322a981ed55d6326ffeb62e7c502a180cbe1c58f40a9f5db5e1633a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
39334e2f5dd249e8d540d1097d027c0b

SHA1
b779aa9073c7880e9baf669d19866955f3d65b22

SHA256
3169fb301ce38fdaf3e710e4704c1b17720b52c69662439fd7e98a832b16662f

SHA512
77622b6cd23ab8256d4cc5742560487ecf8f6ef86f1680729c2c8be3cd4ce797ae1e3ccf9ccdabaf0ee47ab53b75c1f8599f57e21d0c35f83e7340aa47661fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
159d062c40197353b9feac16c025e249

SHA1
60889b39207b730f11ee29af3eaded197b076ef2

SHA256
0049ed77ac51307fccaaeb25a1b0b3718b04f6c887bdc0b9c53f37456cea99bb

SHA512
8d8a162007f7d12bacb82f65e211d33d8c058d4a1d8d4847ff519b2cb267b9672b09806c9dc99b0575e2a5d6a8ee40783e1d3af8a8ac61d6425fb71749272682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b8db499ff15d1bb569f187f431099e95

SHA1
66592db72a3f54f31bed9d167674ce75bafc37b6

SHA256
5093c038e20e1c76e4cb672892b82f2068cf3ea39286288368440dff4bd3e516

SHA512
9e40a42287007c96d7992e8b933bb353c5f8c3e6a3ec9e60df04503339a724fd2b44b2f9a303ef1e737e508751d5ef501697d3d0ae2166f807e015970af841ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91659b8ac9db4e3b29a428ac8e4b73d2

SHA1
a00457950fcf72bf79f67f924fbc4aa2dd8958ba

SHA256
51749aca541a5d2634e6f996b0034d0dd742d1d42181dcdc7518b3064c66194d

SHA512
9a23537fb1c942874219fdde4acdaecc2dce96617fa9b007b0ba157e52b6c33989bd712b63ccde8dc9cfb7f4f1a5f1a3960201a994a1f9121377603a10ebea85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
ee246d9d5f4a43595a1f48ea92e119d1

SHA1
0df0dee6ccf5957db8068bcf50f51b51edcb9d13

SHA256
645660dd795b75a7c566481929ed959fd83d62e93656aa0a4dcd9ddde9893715

SHA512
d930972e081bdefa8175e562213c808f5bdc52632978d116be073c568ef4d31fd45daaf9bb37f8e8ab67c231a81a35e2900627823ac233932c12f1c70c065ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a4683e2551f1ce793f0b285177f77ef5

SHA1
2697d08cb70c6cf6ace6ed28f1da702fbc6a195a

SHA256
d964f61821306b085222b1f8dbe394fd41b57c26ef924e96b0dfd0d36e9a7f6e

SHA512
eb29567f35bfef43e134c3da64a9689906a5b3fc4496e5867f1e803a56b48e562449690214634143ae0fb24bfee75b09b62f1b45c12e5fcbf771e774b0237992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596de3.TMP

Filesize
48B

MD5
3106fbb3798c50367c8fb8f6ffa949f3

SHA1
f7419408d96bd9b2d41066c0ae5176a9e242f633

SHA256
c15232328ead9d793e3d7c5a8f4a7694b611287ec9d51123e70ac95275bc5c71

SHA512
9dcb6ceee1d01e1d156fdc3c1647c3ed8e5d285e5e4767a01605330325d4deb383db7782b87a7d2e63f2555099f12a09422635c901ad91ad82451865ae995ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
a045b32ca8edddf8d91cb788571004a1

SHA1
fbc22cf882fadc791d525ccda5d813af5665ecdf

SHA256
207f880561252f0e521603c4edfd768bda7503f56dc4244b692eea65d2f44095

SHA512
8955b8c0f543f3f8d0a88e430479bf1a596420e61c02658371700db091e79adf0973fb00bd4fadd99e899ee516a26e7aaa10376e8bf104901adc96102ab06095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
848b5526b3436a3f05f132eb4c4afd51

SHA1
a6d55b3a7698ed55db557470b407f029eafbcab9

SHA256
3f1349c640f44f0519261c789fcc858e8f11dbf14cea4f4ed9306b0ca1c38f5a

SHA512
92ef426685f4853270a2a30970abd9827a0d4dfb9156816950cc97ca2c1953878cb7264430d6dc16f8daf385570616628041dc3d4f47364a56ceaf6c15ee47e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
0ef7bbf3a678926c944204067f5a96fa

SHA1
48196d61d3d088125d1f9d76e6d2b971b5b4e16c

SHA256
1b01704a5ee9dba474311f520a4767681e449373c91d4e22a229539f66618e12

SHA512
9c27996d50af24d3323136f463cbe489ce55725724a24d56d6d17eafb4121f1a60834493ea88565f568902474e74c90faf5d28a9e0ff60ea84e84aff31090605

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4360_667744633\49494fce-4feb-4216-8f55-b2822939c475.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit