ecd853ed875e310b5bb7f11f282c787f48bc9957d29540315a4f7916d2482aa2

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.vbs
Size

849B
MD5

e49e5df8d31589df96557d1a62ac04f9
SHA1

cb08fca6dd478a3fa3054f13b01c49cf8af91e10
SHA256

ecd853ed875e310b5bb7f11f282c787f48bc9957d29540315a4f7916d2482aa2
SHA512

1cbaa53d049e1241c6736dc101f85d548d7836c3cd4aa858461e600c52270d848f04db4145bc70bf5b1f86affd6038286f828d1fe509dcf55b6efaab118dddfb

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3464	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612099246705606"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{F3782142-FCC0-4009-AFDD-688D9F9F80BB}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4120	notepad.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1668	chrome.exe
1668	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 4120	1904	WScript.exe	83
PID 1904 wrote to memory of 4120	1904	WScript.exe	83
PID 1904 wrote to memory of 3464	1904	WScript.exe	94
PID 1904 wrote to memory of 3464	1904	WScript.exe	94
PID 1904 wrote to memory of 1672	1904	WScript.exe	97
PID 1904 wrote to memory of 1672	1904	WScript.exe	97
PID 1672 wrote to memory of 3756	1672	chrome.exe	98
PID 1672 wrote to memory of 3756	1672	chrome.exe	98
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 4296	1672	chrome.exe	99
PID 1672 wrote to memory of 1416	1672	chrome.exe	100
PID 1672 wrote to memory of 1416	1672	chrome.exe	100
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101
PID 1672 wrote to memory of 3744	1672	chrome.exe	101

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Roaming\example.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4120
- C:\Windows\System32\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /f im notepad.exe
  2⤵
  - Kills process with taskkill
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" www.google.com/search?q=what+is+the+problem+for+Admin%3F
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffbff5dab58,0x7ffbff5dab68,0x7ffbff5dab78
    3⤵
    PID:3756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:2
    3⤵
    PID:4296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:1416
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:3744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:3348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:4212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:4600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:1776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:1624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:1816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4500 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:1628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3436 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:3012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:4856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:3520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4108 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4500 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:1
    3⤵
    PID:3408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4324 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:2312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:3348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:8
    3⤵
    PID:4332
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4320 --field-trial-handle=1880,i,5999159805684503801,8253042772453417241,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1668

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4 0x3bc
1⤵
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
720B

MD5
545f8d3983cf02b512ae710568986b90

SHA1
69d859f93526e4d657fac3e0bc066e42cf51ba7b

SHA256
4aab8340b276d507dda48f6b6a30e1601ae1edec06c7c2de1f142276635fd27e

SHA512
9375ee097bef04434521d50019734303bdf53fb357498dd061a56083197ddac2380b744c401fa55e74cc5ecc37c4184bb5ba88b23b1746cea9f8255a44253c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
17eefa048e8b854644a79560326be3b9

SHA1
ed7e1398f7fe4d726a471e02c49c3fc09e3397aa

SHA256
e9ba45945f6f9422cdc226e05b8e0a5737741eebf512af395998fe72bbecde80

SHA512
c57635f946c2d38acd07048bffc66972f4c0f8e6e01b37e5f52d29cfe70c5928d61be7da1f3ed88a29a12388abeda4286c480f46cc28e33e4fba734eae400a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
56e243b86a5a5271254c3779ab5225c4

SHA1
6842c9330aea41ae3af8bba39b1f36d9974ebb6d

SHA256
ab3f3de2e1c4a65d6f0923d58f58958e3902b5dc6b369f75bbc72fd25e902601

SHA512
b31001999159944104736746d46de5c7d917bb0c17c37c0afdffe93eefab8f8536241232ee30e3b9e6b0d3f284ca0b7cd6a01c9ef78fe157d4f16ea30aa2f215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
79148970e5cb5248d862f0c5b6b24ed3

SHA1
b64347e3ec867c77cd9e3a67fbd7caa1cb6ad7ee

SHA256
0dcb447ad0f986e6c0b8f54cbe9ae1f2696f823b949eee84e5318ffa9550255f

SHA512
5ca815c14f779160b4e418c6e7758a093d7ecc5565f7f879aa1a2cd3c1ef38e93544ec15f9d440b8c023f7b579d2b90d3f360bf13b90c7e91efa5699aaf8a8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
bd0dd9862196ab7afbc5f26a09ecccba

SHA1
55b141fb52b0db9807628a82cb026d68fb20ddc0

SHA256
24bd1da8d8143ab82c8a5e23c988dbad3f4c7d7a425d557e5ffc7a51e82dc4a9

SHA512
85572770e3db25dd733e93505e12752467a1c23b8951db1220d4e11266d567a6e91591f4cbe6b7ba707c304c1495208bcc0c28a4873c65dc094d041d6211528d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fc5372d3e3a509bf68b3e6b754452486

SHA1
40b7b985f5424cddec1382c30d5af965e3ea47df

SHA256
7b86011357ede3d083cf43b130f0b6262186560348d7fcf1776ba68078206acf

SHA512
b18e9f37764630a73f4b233b93ead39c31e46841a51e4fc4aecc78aa5f6628168b7a8ee0e4d3174e59d845eaa9b58bcdfb73f695898bf9fdfdf8610f29bb2d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
c979f837f2fec61e5bc8f09af0e9498d

SHA1
de80df2e0ced0e0f37aca90a4151a7a3a379e5fe

SHA256
17c35c766cf9fabd58cd76414e335c3e0fdcb35e3eaca64d8881997df48e4074

SHA512
c3b27fde1c124e24acd2e639ad682261573acc581aabb24a77ce4a322478cd77c038a26ebdf8f40a0c361fe04cff9b64e1952cf1fc5da51ce0612991e610b07a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
99d7712cdf1d219a9ffdda9b4e9cbb97

SHA1
1cc1a364f9a17ccea28ce4787e62713848d76c0e

SHA256
f673b97e4adb14db9d0b127c464a719a5f31ee597406fcf9a6f82b05df4c01df

SHA512
0ecdd36353c53ff6becdc445649abcb44c3e1fb1a616db138787a1ed293ff689fd0401897017d3ec695c88f82069d7153fd384175748ee06bb264ca91bed6609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f4a63210c998c1c063f96a1bb2e74d92

SHA1
c997c8ae2754ee68a69a3b458089a472ad1f9a20

SHA256
e9d0ddb014732521ff67647112cbc98d86ac517f29ad0e77cc5c4274bd0bae51

SHA512
4ac40696649fc49bff194c6e8474408e5536dd52995f07d64e4be9048cad513a824dfdcee424682403a53defa28eef7923e31e0ce4dae465b929afebb9b6b86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d43b5df39e13eeeba440dcc2100da401

SHA1
da2cd5a75eef2b649a62b2aba6f17ee38af81cc3

SHA256
18e82595ddaa4dd64b194cd57c7bc479335f26839762e034b033901180925eb1

SHA512
0062d7d731f0bd219f5df9e574d726c3402d1b3ab33a3700aee3d97195ec1470dd9e4f0bff6489a5b85617052f9249f0d15482d0b007ffb6f5457ccd8c114e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8c3c4e6113bba6f6d6da637cf836b121

SHA1
3be9b626598203cbfebe5877931d3836fad28a79

SHA256
95c939684c6881902ee44ca73556c5a87027a6ffefaa2af1d4a6893f5817bae9

SHA512
8279b01c0585f77fb05bd66703c5de1dee9ddc63d4c919689452a3fca000ea07505a6b5a09f7f7b89161245f78fa1ff998eab86f10d0d045d450fc76a1ba313c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1b27fb6-cc10-4848-b48b-3759dfe21848\index-dir\the-real-index

Filesize
2KB

MD5
023da85ab33ad2d81dcb0b304e53e544

SHA1
3d25e918a3b7fbd516d728cf5cec76aa07657038

SHA256
d452e48bafb5a54216abf70faf1dda416f55421e31cb00fc2b0a4fdcb27991f6

SHA512
d543dbeabd11f4c19acdc4ee5dee4d30ecade709ec24e39dc8ea0710dde9de845760f9f4106d3e3bba6e44def960b9af4fb48eb45f2d54fb3827f47f712664c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1b27fb6-cc10-4848-b48b-3759dfe21848\index-dir\the-real-index~RFe58f41f.TMP

Filesize
48B

MD5
6eae32e81a3b41430e977936c3778430

SHA1
3a5dcbc9de24ed61836fa9198c058a3365d15cda

SHA256
31b069c2337433c62d822ada521bd70a49e3ae329068c2cde9d675d113f2eced

SHA512
e2ef37cc9f8a09b9a67b2a20cbf172fb9fddb4a489644eb0c5356bb907e367dbbe0618668eb6ac5da54c7514d0ea777419eee8139972050b7fc70400df51dc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
13c16d91599065595efe53cb2cd47fb0

SHA1
971cdcd0ed96485b9a234df6306dd6213e9331f7

SHA256
dd24dc4c247f65a39691ded82e2c4bf2b63388fc2e2a4305393d50e49a078bf6

SHA512
c2e3f76625847df97df8320c1ff38fd45be2b335f373be5b8a8deacc194c45a8e256e9cf2ebbc426e68fa71ce796fd23f6a0fd3cd916a8013d554a92c449d96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
cbaab0cf9e6b5fba31adc1d6c995a725

SHA1
3cee921d1eecee3f17c1087e98c2f13273df56fc

SHA256
bd5df8fb83baea88e3afaebb950982d2477bf4aace3637ac006c968d7c016c41

SHA512
d05e9c4d2995977a4977eb7d51ffecb1d02467c7eb364275a25638c1a5dfc56b8bd4079b13edf94c25d188a4bc4ee034b94778f5b5e6e7185577597484701d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
2fa4d7660b5e8750ea143149eea1097c

SHA1
cc56c78d9a912afdcf212e783a87a945ac4245f7

SHA256
ab2356b1f3d4e4c2db684aed13c8e698e231134e5cd3023877d47ff44915cb0c

SHA512
c59fdd8303b404d864ad7c32243d9485ffd7e7577cd811181f1d70eeb11559e2a506953eaae8253b7dc25d8c01e3cbf59b9341ed51675c912cd5542d5b451720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589de1.TMP

Filesize
119B

MD5
4d246ae0788f2fa70bf53a7097aed9ed

SHA1
261e5ed3dfd242c039a422924bde00e222f5d84f

SHA256
ff3f46e32b942eff244eaca22c7f03534821c43cc8e452225a057d5bc7d9a7dc

SHA512
1a50b900bc3fd9c50b99d9718102d8d0d86b8bbb4b965094e3caa745e3b92f4b67c268b77674be8b85480127ffcd88d71260e630003323314adb1baf0af28081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cf94f1d10ed920ad94ba8afa336ddc00

SHA1
0cd427b0de9642deb2e310917669822176f3c5c5

SHA256
b9aa69797bf7c7fcaf102631a05ebeab0fff8b613247a9753d3cd0143121f77f

SHA512
debca34b997c9397ca5ab0981093759f90c9d3cd2636f2b97cc55b44e99f4ca733114970c2a56eb224110f77a0d0a71b9d07165caa8c3987b87a028331b0727d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ecbc.TMP

Filesize
48B

MD5
d84cb86b89318f617ac13b18102bc907

SHA1
3643085aeef9d1e5d1f7a186fbc8390d404c227f

SHA256
7187de5e62352d14928ba757b3de37e1ab187c3d1caf9a18035c3278e8eb0275

SHA512
e5f1c9c424d6d2d1ead13d42643724deba5989ff5984a1c4d0791878d65f3176cc001dc6ac10570a8d9fa7cded6ee281bc978f37b699217d3d689cb4f9445f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1672_941858224\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
1aede1068fb0339501432cd3df5b88d6

SHA1
6b1ce5d33ea508c1f98fe8f441be5487b281cca9

SHA256
61e485a60f40f4046355280c6af59c24b8bed9950f0910eadef6afa2072a7991

SHA512
923d0632b14039b64001dbfe71d5524256ad3461b53c391b12aa2be41006134426f6195f8af7cbb554d5b07cdb9b5f2e59f7f6f06aee06b90ef2096a0ec5bbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
664360aba31cfeb1dc08ba48a41a34d0

SHA1
774ca936df8ff91c4adf47b10b0998b24903fb76

SHA256
4c1cf3c7930a42ca09545e685582d5bceaa481edc71bc9fe9122e5b3df0b5ace

SHA512
ea1f06c75e276e5d956510fd18948acdde6abb1acb22e20c790ee8086bc3760d818fa0c69d3306f2ed41dd4732d034b6573f6861067c198e1ff3137882e9a3e0

Download Submit
C:\Users\Admin\AppData\Roaming\example.txt

Filesize
105B

MD5
7974a453105fb964df9cbdf56bd8f998

SHA1
f99e67104498c6a19323cdb636f3edfee2f89119

SHA256
03eae3a1fc877ce36665bcf5c4f6b2614059447b454132083e3ed1eb439e00f0

SHA512
243e57c7f65de4f0ad505062bb80f06b2342d515b0f55bed8978f51367e517c42d60df5d85d83fa5f9ec17f076d2ea40fe4eefed7fadc2e72f88fad57c63d107

Download Submit