5c3fea56ddc9997570937a0337a81162b08a1be7bd97343279550801d28d161a

Resubmissions

28/03/2025, 09:27

250328-lerkxatzdw 8

28/03/2025, 09:23

250328-lcz49stzcz 3

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader (1).jar
Size

3.3MB
MD5

a0a3bda3fbf50e703499765f7d279370
SHA1

b5a65db8efab3f39dee165aeec6d1f9ee378fef5
SHA256

5c3fea56ddc9997570937a0337a81162b08a1be7bd97343279550801d28d161a
SHA512

9f6f973015b3dc9ca077a500100d7c9c66ba1a1cf6a7b1c36976b7950d7f2eff27157d3851ed9545181d0c6897c9de4b62dace6b61f994124b3f3b41bb217741
SSDEEP

98304:Iae2W8uUMl4IYJ3fRY1LiSkn99eGy5m1pH10J:IFbVIJ3o+SS9S5V

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876274918033823"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 3308	2632	chrome.exe	101
PID 2632 wrote to memory of 3308	2632	chrome.exe	101
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 4844	2632	chrome.exe	103
PID 2632 wrote to memory of 4844	2632	chrome.exe	103
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 3112	2632	chrome.exe	104
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105
PID 2632 wrote to memory of 4416	2632	chrome.exe	105

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\loader (1).jar"
1⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbb9a1dcf8,0x7ffbb9a1dd04,0x7ffbb9a1dd10
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2232,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2096,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4348 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5388,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5676,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5576,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5876,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5640,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5592,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4448,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4412 /prefetch:2
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5816,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4944,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5644,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6168,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6508,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6512,i,7069006450339768998,12491571557858653663,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4436

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:428

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:5468
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar loader.jar
  2⤵
  PID:5320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f3617a3-7bc3-425c-bace-ab625efb8b26.tmp

Filesize
10KB

MD5
82372d9ffda1d322bd2d9752d890f0f3

SHA1
3eb3aa2db3a8ae4e7f608954f4bd1e205cdebcb7

SHA256
299836b688158a5d54e11817b98538bcb41c30ca3d4b156c6fe33159364a8259

SHA512
f5c07e218aa108878645029afdd2e0f5c913ea0021a32c65dc66a95f4e64ed1a41938785872c1f0fe6821832758a82a05cb41fda28d3aa20ceab0ca6a373af2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5df8616a0cb054237adf337a0afa9ef7

SHA1
70c595dd1ce02dd2f68c716c17e4e114ef581348

SHA256
eb427503536cac0b51faee0fc8dc06896c747abc80c74087fde5b863f9910624

SHA512
1eb0cd6dff83cc08e53198740749236b0be1c2306e254498ab71894387c1b702b335dc9a166aba7c78253c2d99caf5b61e84df2f963b33ac4231414b703f9d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0a7e8e41af9fb490272a6d06f88db188

SHA1
a053fc818426ad941933e8edbc2abcc05c071184

SHA256
8156d9d3f60efc317f85dfb3048b6db661599e33f5af768bb0a14a5dd0bffc0e

SHA512
3d4cfb9d11202c196202c9c1f4cd54903d898202a10fd08c45fd7e08397a3d39d5d13526c8d6305500ba21fd6f86397a8f85d637fdf5aae9e1697c8e2946db94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4e3fa2b21ed819ebc5877424b8279bf7

SHA1
5474ed490e0b2ad7b999af60a50a56391a0b5b6b

SHA256
da3fdeda2c249ebfb7b4e8b8f83af162a2e8b6c20faa74b0a4ab50507cce44c6

SHA512
dddb273544623486ef4fa9b8654009abaae7bbf167858ed8b62ea5ac67f605dfd62d75b43023857e1290c6677a14614ccd24f1a83996a22e02e1267b9b2a87cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a5c5f732b9e2a3e14d6a98f5ca68ad4

SHA1
4e5e1aeb6fcf43d230482b5067f907a8261ff43e

SHA256
b6b176da2a9246ad6cde2b314c9004c6636e1e2d78121e1b1588d01e4a267229

SHA512
6f2cee88a044fb646c992ad8b1d72090ab85f39d5299c83006232669809aa03b1066068f1e811dd04a1c6a731f9dc41b97cb906675b3d36b46df3e7b538fb60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f2a6898c5c3b907aa351000df215bf9a

SHA1
7ff5d54d44b0e0bbaf147076bb5856aa54b0aea5

SHA256
5e7216b40d6d909981207ca729fdc7fa992bea05d881cd9a7e8e324665c888c0

SHA512
e489ef82f3a1567702ddfd8b29aa01b4b36f787f342046e3d87c0691bb7b44653118752169a75212f3df422d20ccdc521f4a86b5dcf00433c1fc5d8fb0097e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5842566f725d0fbc21caeeedc8a265cc

SHA1
c13edfb0c232f4c9689a76296a0f64600d7b479d

SHA256
9f51b6ee84745de97e79d1fab1112117ef9e6bcbb49a92976905fae911dbe34b

SHA512
1e8f8d1027bc039b88647ba7292f5439437d62b1f85b35bec40fc62a66fd76604862cbac4723b7aa7df82e076dc2281a7e30a4e88144b9d06536bf0dad828641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91c48894ab8416757fafaafe6e724640

SHA1
af9a19497dfee693091e227a2df777b5c1cc55a8

SHA256
f23ec4ab01fc157fc70e3ab86c38d1ac27c1432926e53c450ec4ffec65ad01c2

SHA512
4a504935c214e13ee08ce3b5e44f25a02929f90a6669cf75a1175fdbcbc2062f2ee98b565330613b65e18af72844bc921fae5dc6a456f09a62d9c8d5b4b061f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dac26cac8b4ef965ed91f0df15669223

SHA1
97af820963cbe9c7007eff3c9b7557654ffa6df9

SHA256
7e042efbdee293bc268b74e572ee9768a41b791d04531efe1de546df8b0bf0c1

SHA512
b5607b0972962dd97e92750c4ff533435e204f34683639d5dcb8f122fe466418cca384e4cdbfcc9e4dc26f6cdd86c9e57c9acd7dc48e25fa1ae7fb51e04b6e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
10e4d6e3cfd6f9277c45d6ed8a0be5e5

SHA1
748e7829a9a2d8b7f515c189c83aac8f0f3ef7fa

SHA256
c51c107bf16f42aee4aa674100a99188ffa6961c9bf36c49b3e47aa13d2f97c7

SHA512
88f7d86ab49edf75998585e61d9cb97a8d685bc7feed9dbd8a0d11e5c0239cd2ef1725ef54afd833dc7292cf3d93d08da59b618d9a1f61448fd89502ce2facd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3dbdcfa4d2af497ec0550c09fa0a8f20

SHA1
fcb7dc1d5ca02679880714b691f3bf7a80aebf7f

SHA256
fbd1d6cf01eb90fcb84caffe17de4998005a9460465157dc08062c5b0a43205b

SHA512
52969207b2a75a6459308d90fc7a2533b392433b512eba92965c6f967b5bfd6ea6410e8165d8a5f36f099b9bf9a7c06010e395702411570cbacafeb29ab2b0de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c9a3d008a9079ea370efaf3eff49c81f

SHA1
ce8964e1b2262b4f91b6b4966bdc9c1077b97cc9

SHA256
73e92bc793cdc325c609dc1ba3162a48a66bd5e3ab6f5fb0cdd91eae616fcd6c

SHA512
cb426c1697006987c0e34b74beef333606c9343633cff9c92f3bae0eef8632af798994aba23f73888c7707ec344eb3de546ff0f3f55de3a29df8dd50334db058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
50f45252881b62ded90bb684d56d5de5

SHA1
619a94b2199e82ec352ae324226fd08d0420ac49

SHA256
560abba9f10a150654d8912f15eb727c544fc1f7a4a8fdbbcdfbf088056f4b18

SHA512
5231c998222390d3138079bb05038585a5845e7763e15bb98644a34e89e6a56b689426c5f7519b6999b14aa5839152c182edfda6295f24dd9dcdaf7a0d238d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583042.TMP

Filesize
48B

MD5
ae8e5a3c635572c0ca2226d38022fcd3

SHA1
c0db479fb1c9a8ed573cf462b68a82888e79f2aa

SHA256
e19b306079c5094eb8e1ce250b2bfd9ec09e491dd6f65b5533dbbca3145d5835

SHA512
caa5f599bda08ba1d50d743b08b50d23fe8f55db92fba11693d638fad1bb98e7c608626319a68bb1acec4285ab2769f20129e2ec57bca28ec853a183e26a0920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
6094b37232a99e5fd7460e500700a2fa

SHA1
e85dde86dcd5c27b1992ed4facb5c7fc4740f17e

SHA256
39710bae0975ef21a3b8bc3ae42967403a1b79c4f8c8eb327450becb51274263

SHA512
542d2a6e7e5c71e9ad025302107afb74c2e399bde594cdc36a5354598178d7bf80e007f815270378c767dbd6cb2522e371c98dbbaf30d70b3d9dea37f9b0470f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
975d4664997ff16a2a7d7ea1cebf94e0

SHA1
3fa89d23966ea15bb0dc24ce87157185a09de20e

SHA256
8786ebe45a9be6e025ee719b0b9cb15dc20f69879a96a4429600035b2e0941c7

SHA512
9614a753feec5d8a6386ef95c55ad07fdd769431e4674d53842ee1acde7ece940792ba8a19b26736d90a56678c02a53f1567a55782a5ef1ff42ff31446b1a056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
886008b5eb2d7a152b9960d6e5f2e40f

SHA1
e3a38945d883a1a4d33295a8bece94f5e9acbaea

SHA256
f8d0e5320be600248fd3b54da0e4599df8510be097f40aa7ed3ea089079af346

SHA512
48b65169964ad1b59ffd17562d80a15d264b627d40624437c238bcfec7620446522caea909b6f1438446b33a1a8363ef9afb9821539523c386fac32c48077c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\988ee55f-68cd-4003-a924-24c46ce34654.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\loader.jar.crdownload

Filesize
3.3MB

MD5
a0a3bda3fbf50e703499765f7d279370

SHA1
b5a65db8efab3f39dee165aeec6d1f9ee378fef5

SHA256
5c3fea56ddc9997570937a0337a81162b08a1be7bd97343279550801d28d161a

SHA512
9f6f973015b3dc9ca077a500100d7c9c66ba1a1cf6a7b1c36976b7950d7f2eff27157d3851ed9545181d0c6897c9de4b62dace6b61f994124b3f3b41bb217741

Download Submit
memory/952-2-0x000001DC360E0000-0x000001DC36350000-memory.dmp

Filesize
2.4MB

Download
memory/952-13-0x000001DC360E0000-0x000001DC36350000-memory.dmp

Filesize
2.4MB

Download
memory/952-12-0x000001DC34910000-0x000001DC34911000-memory.dmp

Filesize
4KB

Download
memory/5320-598-0x0000020BEBB50000-0x0000020BEBB51000-memory.dmp

Filesize
4KB

Download