b40601a8272100dc01e9dd00140b7f41e7d92ecd784039c7385e4a1a26866350

Analysis

max time kernel
900s
max time network
878s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.vbs
Size

4B
MD5

d94d1952e9d7a79f4b38490750a70daf
SHA1

6a94ea863fe76f7149e854b8f7d86ac3fdc9044a
SHA256

b40601a8272100dc01e9dd00140b7f41e7d92ecd784039c7385e4a1a26866350
SHA512

c4bdcb2c06453331c17aae72aa65bdd922657cad8f67ee9fab2eb6783a70ac8216e39b48a5c26d3120d5f8299f462218bec57589daf5b64b86a68e715ccc51dd

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876493148706537"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 484	3700	chrome.exe	84
PID 3700 wrote to memory of 484	3700	chrome.exe	84
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 872	3700	chrome.exe	85
PID 3700 wrote to memory of 3684	3700	chrome.exe	86
PID 3700 wrote to memory of 3684	3700	chrome.exe	86
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87
PID 3700 wrote to memory of 4776	3700	chrome.exe	87

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\file.vbs"
1⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9738fdcf8,0x7ff9738fdd04,0x7ff9738fdd10
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2232,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2240 /prefetch:11
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1776 /prefetch:13
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4176,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4204 /prefetch:9
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4680,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5308,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5320 /prefetch:14
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5516 /prefetch:14
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5628 /prefetch:14
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5332,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5544 /prefetch:14
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5352,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5656 /prefetch:14
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5524 /prefetch:14
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5836 /prefetch:14
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5524,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5912 /prefetch:14
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5832,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5344 /prefetch:14
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5656,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5816 /prefetch:9
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5768,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5872 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5872,i,14276291450810390196,9133291021537195003,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4100 /prefetch:14
  2⤵
  PID:1652

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8d481c10-a440-4a7e-8b31-15338ada76d0.tmp

Filesize
10KB

MD5
2ae912ea90b0ec94610f006681dbc95e

SHA1
697c60a34ab1d256086e66a9a82d63e5223685d9

SHA256
784ab8a5fc1f3f478f943a44acb174226eee432a1c3d35f1edb9eef6d9494611

SHA512
0415c967e9b2b2ce9704a21271667bd96bd2d17a3a3cf0111fd654a0c8a3669f0fd69d9a8869052c003f1246014bf9193c36c4ecad0578368993b811873f13cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
19761b6e9df4a787db992953699df65d

SHA1
ecef5bb1b9ac7d182c31b34b2eb680cab508e6ee

SHA256
697fae2b624c2d55c1d4423b99f56e97f84ab67fb4b08dfb0614d4c3316593c3

SHA512
a12e9c0267be6d10212082e29cd5390a326d19e86c18a368a523c00e2dbb0c4174f20e3a42ae1be920a917ad80481d22e7470d91f8bd8626b33ff86b8391b54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
50d1ea4aed81f136cb025b7cd130de42

SHA1
7569cd9797589433427452e124b2884df56fc672

SHA256
9443f53feac63cca33b2e79d40019d5393e11d06312e6fcf5f5ecd8a8bfad0f0

SHA512
d38d9298d2bc023823bd2e570564e8d8d4400b49a2692010857ad2afa7d7f20c13b483bd0aacdbcc23c4fbf0058df28d40d09fddb9bb6e8c6e847a19d9c21045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
60ea199de879b12c12d4529413c0fcce

SHA1
193e019c95ad0b990d4e03afa90d0ef5857fb0a5

SHA256
82349389733ba9f0ea0e1a924890a35334532dc0022ead5497d71f18d18d2333

SHA512
086beb9e83cff9c7b2881f6a197771fc666b7e95b597d172bab8ddfd4ad3774e7ebcf753b2c17322701557ab027d15c639e178b4464f25f4dce08d482cd43b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
54d5c891c4e2dde1a171e1752aba3ef5

SHA1
503010ea091662551d91898fc7abbdf3c88ff84b

SHA256
4b28b1feb5d5adc107de7c1c14e6eac2dcc12c6b732910233dfd77cb641db040

SHA512
8f69e643a2af195a0ac7ab1875613fe9d0993bedb0f4e84bdc784c973a3f6e241ca56793a60c9d28f9a0cf1b8812842b4c32d822e12efe373f6a0d42d321987d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
181f7a82fd94441b32869ba27b95689f

SHA1
0bedbab5617b9f5716942343821a176ee7877f6c

SHA256
901540b4c0d5e0d0f6ad92ebfda2559e5e5ecfc38bc14c51455b98eabb7703a5

SHA512
5a5f2108494944391f25928f390d6280e246408c031f9fa73b76c2aa3437c183046e41134d8c057fc59ddec63592b61181e88a4944c802da140cea9c5cc6c456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
c8a7d5e7695e39ed317464cf4c1515a8

SHA1
9fcb26ade7ab52182ab9e829a3442a4e266fc164

SHA256
a1d10f29333c81b63ddf03f1b14884e7a6a8aa2ab9610f75ff55e893ed6f526f

SHA512
83cc2655a314c20de3724a8bfce6d23ef61087674927b3d6ca694bba53aafebb81ce744bd24cc5ab9cda0deb3404d88adf51512cb5b455b860297ca092803c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
b6e70c5246801e2828a21d96e1e0f548

SHA1
e0b40be8280899cf2f43be79daa13cd40bf1bd2e

SHA256
28edb3d782b6a9f8c5d803e418d7bf74783052d489dd1abb4537e98871204d8d

SHA512
bd55120e03102fcc365786d5f787d109b7a4f590e4f330355fec13c8819b99e8754b3a7d6a327f70e7be91bae85ff865070713f82701a8e5e932b0edacd8fd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bb37cd5ac11466e8b6a80cceeeecc440

SHA1
145161adbae8bfe0840988e4393b13359f6056c4

SHA256
c5b919ac734b0202bb234314f81edad5a57ca65771d4dcfa867b6181c46d005d

SHA512
ab6882a6d4915429f79d6fad78a75ee62cee04cd2398e0a652aa04aeaf002e7cd43685345dd8c85bc00ee7ae6a51317054191ef8285725291405f0b3794223d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
66e42e601773b2ac40bf6c6ae7479ad8

SHA1
48fe785329f77dc2ab8e0ad70daa221dc6a4c2c1

SHA256
a794e58cad4694f318ff4b2a3676b8ec8ad63467cc08f23acdfae2d4c628044a

SHA512
9927d0cdfd208e73428e4cf2f40518a6dc6138896ca00e2bcb412f163d30d5829d6ef5e8438d593a78e9e2c1062b0127dde9cbc0d68ae9a37738e5ab69f579d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ab147d367bed1723b5ee4b110449416f

SHA1
c7b8a1dffa0015250aa539b9fb8a70e876c76bdf

SHA256
d926a33e7cf2274a6c3fd625b48084be127294d0ffce3cccd4a4e7994011ebac

SHA512
1c53372bdb1f5f638e2e4d7a745ab79556a613d31834cece583a38053c5c3b14ae389bdad957b1e4b505c5af310cf3a39c38d8fe27af0cd0440c085ec6beaeab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58491a.TMP

Filesize
48B

MD5
20892d0320cafba1e5ce4cedad4d1823

SHA1
36151ac66f80eab52f294dc4273144b516628f54

SHA256
31236c10c014ca430323c36d0bc20de24395b992eef79dbd7cf6093d8844c82c

SHA512
6c8bf2bffa8d97ce417a015208f6a0fb9a4e2767ad39d710b26370f9adc92f5eece831490e9d1b84448ff1b84b556f8d60b995e1b0f6c1eca073ea2a4710d856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
e53e6f909f0339313a88148e4d97ece3

SHA1
55bdb382f6554c671fe96cebf57482df0bd33177

SHA256
663790eda1ce9ac2896723e6363c5e71048726000c21f930e9c13e5c9cae2324

SHA512
088774be1454ab043fa3653cc95f309e397c226459db120cbb5f2f14cf680a68e2e93bc8ae4668fe917d02a6844515e7f78a2ba2b629b177023b1949e76352ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
cf4e14bd97ea02e30276fcbc3874f7ea

SHA1
240af840adb26c4234c5f6e76c87e62621ca2b53

SHA256
dffd1450e1acbbc4215c6fb914d21e93882f82e483ce8908056cd2816babb143

SHA512
11b217faba9232d409e7f3f61cb62d08aca0e8e91341a9cf07e156ff37f41adccb7fec35cdcba91e6001b4c990b45c1181443b948ce50a52453d4ccb2ac4efdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
7714d9dc57b0bc9ee2dd68a33f8cee23

SHA1
5c6eb4734a417a4a489bed9d7594090e6786c37a

SHA256
d669eb6ad2cbfdd5463911cc5409784dc30049c859e3a0ad6d6d0c9ad761c07e

SHA512
da40765c189eddf139a879d576d8138cc72ef21afc95361dccff3584f5fbdd3f4912e4b7c1c8b0c8fede367b9f14bec2a81b713daf4644d9a21c40a18e5c8461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
d8466546ca8708707002b423b599d440

SHA1
61ed40e985a1946b0d6377d49ac2ef194b65722b

SHA256
631c0e42e2ae3847ec2aae8ea78f5b8aee75bd09e5b05b793fdadadb66f29ca9

SHA512
241955e6d0a74c325f5de2ad6b91d3c56e162f784fa0d7f75a7063c7a33d97ae3694cae7bed38665fd76b347cee05caf2d230120cae7d1bdce68342786760cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3700_687660036\dfcd00e1-a8d7-4ce3-a1a7-1a0e3adb28bf.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit