hxxps://aluminiosnazarenos[.]es/pergolas-bioclimaticas-todo-el-ano/

Resubmissions

26-05-2023 11:47

230526-nx9wbafc65 6

26-05-2023 11:17

230526-ndtd8afb69 1

Analysis

max time kernel
154s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-es
resource tags

arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
26-05-2023 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aluminiosnazarenos.es/pergolas-bioclimaticas-todo-el-ano/

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295806568775954"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3664	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeDebugPrivilege	3664	taskmgr.exe
Token: SeSystemProfilePrivilege	3664	taskmgr.exe
Token: SeCreateGlobalPrivilege	3664	taskmgr.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeCreatePagefilePrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 888	2364	chrome.exe	84
PID 2364 wrote to memory of 888	2364	chrome.exe	84
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 1788	2364	chrome.exe	85
PID 2364 wrote to memory of 3684	2364	chrome.exe	86
PID 2364 wrote to memory of 3684	2364	chrome.exe	86
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87
PID 2364 wrote to memory of 4864	2364	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://aluminiosnazarenos.es/pergolas-bioclimaticas-todo-el-ano/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffff0e69758,0x7ffff0e69768,0x7ffff0e69778
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5096 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5264 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4640 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3196 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 --field-trial-handle=1704,i,4079467569881046442,13161949172208954934,131072 /prefetch:2
  2⤵
  PID:4588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4276

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3664

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
31KB

MD5
0790bce5db744ab0b4a8bad3d05935e4

SHA1
d2a884497adcddf143f37b5e33ad7f983b3bcf31

SHA256
fb6299fc25a7d4bcab5b90c2b83406bb794ecf210275e324f4f405eaf4cf83e5

SHA512
d08fe0747e5f57fb400e58289796b7ac5f061c035362da60d92faaf51c5efbaa1823983efcddb1279bd62a187078e12761f02fe1897b0b06650c64919245c6de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
40KB

MD5
39244d84471ebdd9652d2ffab49ae33b

SHA1
9cf15454f1b007b5d4753b3fa88034d4b552506f

SHA256
3dd8fac1d3f15ad0cbe88a0254458a34cfa26aa8f669f3f0105183e7c5b02f63

SHA512
2de9e24fe9b7936757723ba0bfd3168f248c5df0e50b73967715c9860c2ac28994b323993b74f693ae561d91e39f01b4a4da4e800be6ec39f24cb5f37a8b4bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
47KB

MD5
400fb5e61c650fac7ae1a447b4363ab3

SHA1
b106a90792e067224c2f5612e41ff300ad6a0f28

SHA256
5c371190c3cf680c6048ddd03e64727636d00434c720f62f73717099b8f055b0

SHA512
8810a4acb712eba642b68c126989b16d90db342af2d1f3f1bd06d2f30b3d365deadbeda13bdd42d040ea28cb3d9198f7e10d4dee3073868639df12d24e9b5d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
e88dd0420b696be12c23c18d2a7a1cc6

SHA1
4bd91ae2ffcee22e39adbd35670f6f53baf12b86

SHA256
55230cc4dd436f63b68411b6120c0833079e767cfb73e33601b82d9ba3b29a57

SHA512
fad1688b1eb2cf2b00fd5ada5d644b32cbbb6a36fa1f65c4d7e4f5d0b58943c55cd94cebc2bb7e619f68aa81b11ad2608a94ea8814ccd21832921717c21f2bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
a050d0df3b288fd9fd84b3cbfae26490

SHA1
5605b4701ab033e36aa9d378c84aa7bd27be89b6

SHA256
af751ae124e3e811bc0b98218604d3d45e05ebc2566928fef83313563462fcbf

SHA512
46955bb89451ebeb40002a0577b99a86b665cb3d9b04ee72ff33af37d534e3ce006730c648d959600cbad369fb84811acca8dbb5024c792e62002b845c95ae3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a50c11124d3cd0e05ea85749f1912c5d

SHA1
1d690e43e35545def63c4816fad097346953b2d0

SHA256
fefc05cea632bcab30938ed9f1712956296462a04e216ce56b68784e1b8e5f85

SHA512
8686805b397770c85866d26a01bc308e775c4a43ce0535de2e62fdf5473ee5f59025a4e0537eb14371fccae3e933a2da4e02b4bfe5dcb47171bb36299357c027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a1b837441f4f7111da1c963630461c44

SHA1
7224a5bbcfa10dda78c4d312f7d29bfc681e5ee9

SHA256
1da1a035abfbba0d32d8fab66cb5f7114a9afb2bedbc53b419f032f754ef5a7e

SHA512
dd63746c8fd54b0e91ed3639414e553ff4587b4dee3fc243fb4c436ae679fbf8c87721f46e06e54dc1beccb28ab4a098001abd5a9e1fc8b63ba0934ce90ceff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
37c6c342e50be94be197f93affb0c4cf

SHA1
a9fc69835df2e1d785c3b2fec105af60bf09e5b9

SHA256
df1d4d736f0443e30ecb9a73e632a70df417c7125637beab1fb9b68d37a036b5

SHA512
79cfd84c530fcb7be7abca354b5c2e7b870fa26546976eacf092c44e7a54b0c977515495a8935925ab34a71a16cdef71b8d40346fd4a7db16bae7639c2fe32fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
ab31e2654d7288e3761943450c11fcfc

SHA1
3646fe10a8f0df2864b782e9f5a0a0e692ff71ed

SHA256
96e03a45195454eb72b46e3366e67e57f5deda2719ad7d83262409d8e22a8a03

SHA512
2d288d21d7ea17326acf7729f52d6c3682cd86729269e1ec54b9d69fdae78b766f55ee6e4e5d8a8d2c373a0f6e0d45e4e84ffb723b1ab3e9b468c8b5453313d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
1a0fe1508e92c5895e522fd07687973c

SHA1
c9a3ca7e46857cda966f4cf74446094ae7a357d9

SHA256
8cddd268fa957865808ecebb09f40e86a7dad90353273dbd4cb2a28303b33143

SHA512
f6cc376e9ea57189f80f4f47b0d39624aba2b640d692a25d1a837f6c73019be65d7b80f2d8074316aa7d976bc13322a311d69fc2b1ec01b8e58bbb961ec4d484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f69c42b6807ca3f4ad8087b44899b769

SHA1
f49a1ac21f53dd1be4ecec23bb17ad4ebbb9cd15

SHA256
97575c85f69a97e28e595f3acea01507d78ad6b7e2a1c048e10c6566624e23bb

SHA512
62481f22a0d4a05ae5df60ffebf707776638a85a9c780e36af0fe1d4cd0996a37982a8cb504cc52e96c9153692a09a249e55c9f71f5fe13dae2de4566a06f0ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ae42f29bd3ce3a207eb92d45fa4b4d1

SHA1
03c89c624b72d96dcfe61319c4c47841a2e98e03

SHA256
20628673cdaa044da934929371ddd7e55dc147d005e709ffcd2b95a6bfb5826e

SHA512
70e697255a7b9aa965536cdae766695319fec6a0d1138c1ba3b52a8af84fdf744cfb0be069fac425ece700bd0578b26a1a9a6957246bda41e3b581e5c77e838f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4948e07c3f5d59ffda04b7391f0f7efe

SHA1
a1edbc5241e1f211d7fa9137ba17ff04a7667032

SHA256
20a5c19d6d1ad5e476b02f8be7be0b66959971eac1df8b19eb39358cee4614d8

SHA512
122b48fb891f0ae345e9fc59dfbcb61a9e017cef57861b5360410094a1675c0714ac5c7922b4bbff5a20809502ad9df34346dfee106016b0746a7ac00e5b6edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e04539ab08977d2ba60c24dbc0fc632

SHA1
d79da593808936065325b120857aa93da6418324

SHA256
31dda5c31c527e3c5773a57d0f71a0c298c56f315b1f1673224706f3bc00398e

SHA512
f422c866ea80cd05bdf8f6523935c775a22a14294d812a928b584d55f0acf6434597ceedfc3455bc64630f1d939efd38f4ff0c4bb50e23dfb1eb76a8b2420ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2aa11d38ad1461b27e0b945a3e30b369

SHA1
cd575edcb1dfaf0dc19b68cbbf48000069a9a126

SHA256
5283ae9c49d7e3c467d3c16748c31f5b3747ad2b03d9b44ce85dff207266d7d9

SHA512
c7eeb2d0a8da22967c7b9eec20900ae20b21f3ba89005e1cb2f09d406e8a73c3cbd528b118949493befe02b41f4ff6e875d9b5ffb7fc84dabb96dfd2997a1e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
967a6966d2e6ce576e4c020af11c5421

SHA1
faf876c595b7e555dca1af737c13e5632f1e38b2

SHA256
ddb744f3eca0d04fed647f06ae03a9db16452037a8200b7e266b2c44b77007c8

SHA512
3c4b08417602f2358242215bbb5ba4e8335a43e6858f52d6fed2940cee87e4e7a00591a10b8d36879a8a88b6481d94dca2a4f5d81f1173e688396a6476652e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
13e747e7606e05c1c14dc364e27ff584

SHA1
6f005c69582c6fecbe35b905d943681ed5d8ffd8

SHA256
f43d1f094a9f57cfba028de7848c518a6fc870f4a9c13040231960ae12c8b08c

SHA512
dc47a3eddb672a9f0ca9f9d050139e73f2da8a665d98b3b574f1bccbc657b452721a7b8880fc56fcf9491ab8d21fb67287a7ae738bb5eb0163fdf13f95af1d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
fb4b269aa8d20036b6e377c4e6079fb9

SHA1
43187db719565fb99a962b09e747f634fcaa5944

SHA256
4947961513c13b2561557b696eaf79c9644e8cf31dd4e6cd8f1b41ad35aa6ccc

SHA512
0ac44af767654606a878c0dc806c7d7afb7a4271739d287a397e3cccd64c13f3fef495f0d6866fc0e19ac9a05705f3fb6bff4745f74b726febc5122260a79d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
703b9bb8b6bf491b31a143712ea98229

SHA1
9f58707bd674aa842a89cae88c24793ca82dbb6e

SHA256
5614604fd3ef4b42b6ddb22f931849e65af1fe5410d4b0e6fac3ff5f50dfe2c2

SHA512
0d5965c1fe120a67e81088b9122e1c205d0589dccb3bd6ecf2050eb2dbe12a5e28b2e589e010e3775ec6922a8df3496b7d11c61f199f936b32e469da44849b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3664-249-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-248-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-252-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-247-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-246-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-242-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-251-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-241-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-240-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download
memory/3664-250-0x000001D8D51E0000-0x000001D8D51E1000-memory.dmp

Filesize
4KB

Download