hxxps://thepiratebay[.]org/description[.]php?id=77062907

Analysis

max time kernel
62s
max time network
64s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://thepiratebay.org/description.php?id=77062907

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876496231211979"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe
Token: SeShutdownPrivilege	5148	chrome.exe
Token: SeCreatePagefilePrivilege	5148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe
5148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5148 wrote to memory of 748	5148	chrome.exe	83
PID 5148 wrote to memory of 748	5148	chrome.exe	83
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 232	5148	chrome.exe	84
PID 5148 wrote to memory of 2772	5148	chrome.exe	85
PID 5148 wrote to memory of 2772	5148	chrome.exe	85
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86
PID 5148 wrote to memory of 1940	5148	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://thepiratebay.org/description.php?id=77062907
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff10a3dcf8,0x7fff10a3dd04,0x7fff10a3dd10
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1984,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1592,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4264,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4292 /prefetch:2
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4848,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5312,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5476,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5404,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5424,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=500,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3268,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3352,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5472,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4300,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4368,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3392,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5712,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3312,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5760,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3188,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4640,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5484,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5440,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3348,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4332,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4292,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5400,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4372,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5896,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5732,i,3556252151314565785,10090714097893326495,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:544

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
59508238aabaade71fe0ba3db7085df4

SHA1
edd1a59e777e32e8b41365cb2197514f94086bfd

SHA256
a9ff58d8901cbda527447de0fc6db3302fc341c01e090b0c99976a86894ebc60

SHA512
35a426f99b06ce0f10c619f349a1f503c9c3ca1a9c10781005f23441b0e336a68fdbac38ceaa283e0831415762dfb17f98d9f9602f3f2a49a7ba666af6367247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
33KB

MD5
68eae8ae528b3cf4965c780505e8274b

SHA1
23eea22c5ced491f0933dbdc428503548ae48636

SHA256
5c677af2d6e78de58c66b09577213d4b1c23cf0409822378053f1c457ff465aa

SHA512
7fb225df90deaeff597ea4513985545b5ca6d3b4478dbe5969554f15ff4b2c1652c6220b970304884adfc2860be045599130534f1c45586a7adcfb29a8e72ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
76f2a5c93b256a24f3d96987d831844c

SHA1
06215bcb456284af49ce4a05872f2e65330961d4

SHA256
50da94307723682829034708b54140283449e81eb430025f5ae541f489e2377a

SHA512
5a125b1f7a3f19fb188c7fe802b7e8eef11eabcd0d73d9ceddeefa2207b73e9d2e71869935e9c9b6d5380e5d55ed61e4a1ea279e86f805ede4582ddd75f79627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
09adac9e30673e6f13f9e6e70a95a0e6

SHA1
f478e2d9ba1eb12025250f54a0a5e714030de712

SHA256
822362751747a7c59796b7f57d7c9420b9191746d25049154e8a7ebda4710e02

SHA512
1e4dd520e2dbbe9535aa953aeb297155213c8a7b3c292ec7cc4b1a154e44f668b82df50c68f5d2dc95625ca46a31939eeb22dfbbdda6bcc8db037731a79504f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aa2813cd79c8d9561e0995630bc383d6

SHA1
52553034abe89a37c0722c7b8808966af6117c88

SHA256
2413cf7a2f176dd46593fe1a9b947b68c1903cbc98699a6455a5a130212daf3f

SHA512
e18c7c1289d3826e3db3b014e3ff75a48d2b3053382a144ea896173aedaacea21845597644d1e97e6626a6966385e365f449103e858b8af9449a5e170e620026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f82840c26215138041617203d3c2a359

SHA1
e341488f85a124b65f3334bf3344e1eb2674c1d9

SHA256
0144753d24cbe939d2386ca56a01a57b91366ee13b019e4b3bdff10b7e50afbb

SHA512
3ee2ef1b3aeea9669dd66b71c3e9f3814a0f5b73e66f64dbc3ba07ace11ad813af598bb52f8e744d655881e1e600eb7e8b178f6e95978aa924fc595793e0445c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4d4ba77b38d089592cee9b1a5de0a452

SHA1
54153df79044f39c5f1d67ff69bd4acf65ce9814

SHA256
6de0222445d08323901946afd265b66972a12c6a052da59259de9dd7b1b878f6

SHA512
a6c3aaaefb94cd07c76cf4ce3e6efb5dab01c746649bd904b40ca11c8681000c046044c944c4aa7be0b24d74586066b0ee8312ea44849b2850da5a58e7041249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1b903f53bdca84c267ec4afbaaebee53

SHA1
74cac0a6ce8fd140273dc79e5e8f5b6c5c56c568

SHA256
412f26d839fdb17189088269ccffca82d864a9912fb0604d0c531f87403daf53

SHA512
aa5b654340a81741f2f7df36b5f09ec593afc807298077b74200c4475ba08b9f719dfa6d44e675b25e941d9e64c1850bb8584a1f3a7545b32b6fbd67d0b5da45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1e522fcfff261d371917ed7e99c07367

SHA1
77eeb73f89c2b075fe3e0c2690a64f89559d248b

SHA256
5ba0051d1bf0f6448d8871fe05265c60f27744772648fd526f7245a69e245168

SHA512
135f40d709c705aa14127b670b042d1d49575e620d22c00ab0f7570038f8902cf2e21fda22297ac940f8a28c32039990e60686d25e3e69fdfef2049024523c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57eaae.TMP

Filesize
48B

MD5
8d93e76483ca7c64b57ba3dc0be723e0

SHA1
250d021196825feb5b7fee988fc8040126c0597c

SHA256
91b8276b52494723d5a7e39267a5c2629be6d49309a380e8f042ff47d5d77497

SHA512
a3ce4954ce8117cf902f656e7f1406ca6fe4af81cca2a779e73c8ff610c183cd8a17a479d555dd7d813ef7eeee756141e3397f4c4db06b0e70b525b77585fa4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
63a0a73505dbf87c88eb5d338b542140

SHA1
23c2129a5d622299a8c285035e23932b9414db13

SHA256
e0ace171783134cd5032bfe3d73c8aba45eac5d385f81bd5a8bc0c060d7d9e24

SHA512
318bf16b987f527b8b664479dd5f9ce610c4047dcf1b520de52fcf013f6b28a31e20488b6b647d1e1194eb9deb4d1528d6dac35098eb62f7aaecfe7b14d3b9ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
ec20ded4c1842417360131901c7f44b2

SHA1
aaccc5127985cd0d1a9d4e6754fc2ebe7dde2592

SHA256
9ec1ab7de0f7e7b52085315f0658723eea3ab1d8fa110da8813688beb78640f5

SHA512
f07d2d3e6b42a6f96fc5fe5e1773b3460094a1c699f03f71fc16df697608c75706b882349036b7860d691fceaa2cb71556e8ddd3f185525471f79675cb479b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
ea43ea9b7e1d14c50b1f22c1f5511976

SHA1
abeab62d5b9dc63bb8f73f90bda2f6e979abfff4

SHA256
c7c6b86eaa0eb391aabeb00d0d8195cc774963092a695d3d52911b38946fb895

SHA512
029303da1b63048b23d75e8bd91306bdf1f1743bbfc280d1ddeb497ac4c7f5659dd31cd1f3a135f7e4fd258ff93cba4c004262050018206ac2ea8198963fe217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
02c287b1f274d9e90e31c9ee6aa6f101

SHA1
6cc0ded5c3b2f7575612f13409af03ccf22441e0

SHA256
d0ee615f51977a58348ae15871dbc00c24645dd51516d33ea2b62257ab141975

SHA512
edccabec8bf9c128c311b5bb449aef4383f59a33ac33425f79597ecee8d68e54d89835a16c815d2c906c805adf674c65f36759c90d625467f3530cf1e5a19a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
60b61828a390e590146ab9cb8f3da2f6

SHA1
a7cfa7b8d947601d1a96051b3823c0b98a034e03

SHA256
2447fdfe843a0b216592862ad615d8cdbb44dfbbd268b06da583862344738874

SHA512
de35d4b30a8582c70847328c04f5cbc0b1fc00a3fa19d6531f7cc1aaafd0beebd5ba62c2239c20f79201d4aecc2df7c636bbd997b8b5a1390efbd495a6d0bec0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
c5ecb344deed382b87bf448b5509a781

SHA1
6efdcb795a23c9d376cc3541d541dafe32a9da2a

SHA256
fa050dcad5d20883b6f5ec1df7a8fed23655b61f56fc82c11b0e0084cc12afe3

SHA512
15640f4ab26f0d9228a90e58d067a737ffc8fb514d00f339afee0f1487e00dd54d746099ecc935e0806d6ae4b32287f0599397c43b1b12ad679b5ae3405abd1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
e526667af34cfc251310f96ccdb459f3

SHA1
57f5fa92f8dd2c85d3c35add2a2808f2ded54517

SHA256
c0cfe689fb808bdd6790734e06bd38a8e1fa9d8e38a515170e50648077bf3039

SHA512
ff50ea925d812ad84317fa085c423b64ae200ae41424763b5309b4a82ffa1a4653ac3a1906bf00ec1ee0c96527a0b41a02f97d8601b46bcf8a353c5194e6f25e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
f307ab0ec67c29f09797658d2d9f2adc

SHA1
242a451ac07f39e425eb70da563214b48ae4f8ee

SHA256
2729ec76e16020c76e115cf8ae07cfc3b788893c13ec3dec364a1a705b110f6c

SHA512
ce47c6922186e39ef2c8848569bf842c9a8149b2b47a4e28b4bee79e23b0e2926f7825bf6401d13d13d5525841dffe100acfb7a34fbaef9ef0a6abe035e87e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
ff0aafd585ff259f1877ee79ede554ba

SHA1
55c61587199ea9a68c2f9ce3b2a0e99af4908e81

SHA256
aecf5219b31893dec5eb8cfaa65034211aa91d80ce1372cc7404cac42eda65fc

SHA512
048a1828c19fe607de4f86da127c0510b8bd25f0ddf41392b83768c6b8cab98e8c5b318e0977e9925a7ab37dc27483e03324c910d9d1ba29e9459f83d28246e8

Download Submit