hxxps://github[.]com

max time kernel
262s
max time network
285s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
01/01/2024, 12:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMinorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133485852506104609"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
304	msinfo32.exe
920	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeDebugPrivilege	920	taskmgr.exe
Token: SeSystemProfilePrivilege	920	taskmgr.exe
Token: SeCreateGlobalPrivilege	920	taskmgr.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 4676	1560	chrome.exe	72
PID 1560 wrote to memory of 4676	1560	chrome.exe	72
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 2792	1560	chrome.exe	75
PID 1560 wrote to memory of 4164	1560	chrome.exe	74
PID 1560 wrote to memory of 4164	1560	chrome.exe	74
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76
PID 1560 wrote to memory of 3632	1560	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbf7db9758,0x7ffbf7db9768,0x7ffbf7db9778
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4916 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5400 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=1844,i,8989756603746843969,3071012074168006749,131072 /prefetch:8
  2⤵
  PID:2656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3156

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:920

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\DebugRequest.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:304

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
44KB

MD5
4e90f58db53da2207a34d1cdd04b56b3

SHA1
0d7a983f93c72a186369900e36c1f69472292679

SHA256
d4dba762aa70749391513700e4716939bdeefec33c825eecd6c26e97a40ec35a

SHA512
af63d4b2a5b75f45ea41fabd5cc6d259821e24da37cc3f4c2c4714065579f1e51e87450fa669cc4399eb724d7c0af17eed599229b2e338a86af6085cdcad419b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
22KB

MD5
d0e2d82a108f12dee9a4b4b4fe3170e3

SHA1
cd90a159dd3215d705ae6631ae2a9f71d38b56b3

SHA256
517f0425c755fe6ca4e7e4726c2061f1d3c415239bc383afb1e50f36268e6892

SHA512
77270c8396fb8d67397a1db31a6b2aa9e4855a49f51a731938a932704cecda7b5e41132393ba3319c9fa4b7355e7698d73a43df8fc706bac70e8019a2a6ab5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
40KB

MD5
3783a1f0f9852d7855da9d96d2330e80

SHA1
15cd620ae8add6e7aaba246c7814c46186ae2669

SHA256
8005e92c16700fa198bffe5b5a154113f19f2db5a1aa7facbbe7143a9b44f499

SHA512
d5ca5c73174ae85987c4a869e645aa9a854178ec66a0953e05ecfc37f26650d20eef1acabe087085fbc966c13e68f44853e4181bbabfeed74d45e484a54bc25b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
dc0914cc4795caec77be93311171eec7

SHA1
25944e96401ab51d93a4f74a820dd2ff2362e941

SHA256
835c832479f65371ece8e09c3344901420a640f1cad15d57c0b7bd03ecb45290

SHA512
4388247e05cd6f6f65defa687a96109ba63ea0c274e30d76885b38864011526cbd18b2b97ff46da2da86e7532852619d55cd72d096ecdc1c0fdcf5df50c3ae55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1a3d7fa1c978c4492f24ea599299f4f0

SHA1
87806ffed334b831665c2da85dece3902b521401

SHA256
54a14b41091134d90ba800b68139e45e21241cdb9bcd63f89646d31bc679db09

SHA512
c21d2a2784cff52197d0305bd9f30a1c655e806200345e3532bced9b6a768189958ba582a3a05dc4f9f93bb31feb9fd272ca05aeedf6bd48e471101e78fad6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cda8f63a3b49025c633235160a0651f4

SHA1
0c428a8eaea1ad3586d5cb3a13bde4c04d6e6f62

SHA256
d30d6ccf92a4d1257735867b2a40fac0ec30ca69cec6f6fc7f9fdfd912a0e3e6

SHA512
a6622744e10171330e44fb71f743e72360cd5cd4ec76552008bdec669bba21f972f1bab39d217ccfa2b2076bd47e2852126e218959aa9dcade0baa364a1a05e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
510869271b5559093fb9d39ea6ef1b2b

SHA1
0c515974da0acefa1f86c0f779d0318de575f21f

SHA256
2f9ee0d13346cbdbd95edcac000e846452278139cdb190d888b5343a95474513

SHA512
1ba631a319c439b71f401f5f0d5b83ca3c0e201c816e7a133a948b66bbd78a6231a6039396742552651ab7340a12f61848b0bb482ea1d619272de54e7b10c706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
02b3e933a516ed95690134adec1d5e09

SHA1
fdc8cf5f2adb1b7a5c5f70318d6e134c52065729

SHA256
89e0857393c6a64b77b5c963f15b88d0032ac2c75f23bb3576720faebcea962d

SHA512
586ea5e5ffab4609a2773d2d5d46e8e2c6384511e2e8345479f9331099527798de4577856219b096eac1b81c1cabfd998f103a414ca720ba8bc939cfd20dc91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6bbc2af9bfeec79eeb0de12acd4f1982

SHA1
713c82cfb6f757cddb8aade616095f23c64f4fe7

SHA256
ba1bfd0d6426c801a7065886c9e124af605d4fa1c2336894ea7a22aaae8ce5d3

SHA512
ca4616ef939d6334524736bf5e886ffc5c26b275966b93246e827cc32598be66c23f5567cd4dac8a73d86126afb347864d49d6a7c6e684fef3e8d58d3d205a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d30e78702df86d11678bda4357cf81e

SHA1
67d187bb87885185dd7a2f69ae8ef439305e10a0

SHA256
312ee00517410d296a0ae979f98b95db513f7d51a9401c0f3a835cb0660e7f69

SHA512
b0c9644adbaae45719d549029958f27535cf8189e81d5ba46253811cba8582f6de7263f456f86183b036ab2bbcf46f50f744d169b5a3cd4291466af7af34a870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ef5e9329d19ae1e08652c91ceef1013a

SHA1
aff2a09e02b2cb2a2e1048af1f1d1641729c293b

SHA256
fdee207120a3b7fbf727347e3054cf947442f2f2599e8fc843812dad03cfe19c

SHA512
1f2c5c334c8875e356256dfe45580ca377dd175e0f3fbc3c14f98241e756f9eb59f9f1a7ffbf352f2641d316ec79909215e29cc352b5514061758a2099435186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c3ef3e797e983e93d62bd87dd2019bd

SHA1
a256ed63c1e5e273b283e6e20f67e18e912bab1e

SHA256
40b81a668411c4adc0b760a60af60a42569c853214032a125680d1a3ebf5d608

SHA512
1b69d6f7641dedbe5134244ecb0694656839f972364dc9ccc9164179e1628dc9af752666adfff09673cda48d28b4fa7b6c8be198d250b37a0a415ed8399b1941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0d60a071bebaeab2d1edb510267fa261

SHA1
fc269e7b0091b19ea0162af7a7af9e51001fb440

SHA256
3187b3123a5d231d5cc07dc68c09456d8b832f143a293c1121d87e2edbbb6f63

SHA512
64236ce6b551da98d35f216b7938ef4b075c864252cf54b2c7f0ed0ea777926c0e2a7c93d41586831755937ad11bdb0065be9c4426a851200225c8f08520d9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
624409babb007f2c17003c8b7e38e5a6

SHA1
d092c92e55e9b18cb824f36cee2387c4e69c7704

SHA256
2756d661c1ccd55feff6c05c6081500977087d9493992d97f7da317d61d0dbec

SHA512
3bc07b1e63e6d9750c9b9a401f1e1b3cd7ee24243f30258b06a9616fa6faed26af9ed60917462ba61067a741f99f4916f9c9c706a8f4db03801f3d6b842072f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d3f76fbef400d51bd76e30454fab515

SHA1
3cf1d433f3070d62be6ce4756e8ce6730e56ff81

SHA256
48e14bb3cb7a2b4b033d149301f11b4f2ff7c3c3858a6cf9d509d7953ddb1cfb

SHA512
f46fcefa7399d05231c2f7851cdd593e6a17140cfaab0caa093e2a881de8ce3ab378c96c8d0632dc4846bd76d52e62703787a160257c6dbbedfcef1f6e0ef55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b6ec5d1130b423ab21b31e907ab29c7

SHA1
9c4ffb3e76b23091d37d3d5764b5b50d1f8745d3

SHA256
b148378de68833c8db9c411f252d8780548c9fc12bfee7dfef04a8d555dd1352

SHA512
928907d67f4c442ef6616d185a2cf79fb520720ca25e3cf7dae47ada7474940afcd3a10d1ba4aac2a0e93dc7990e8d308f2be6bcdad9851630503a877a182481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0f94f7cfb439e56fd78691a370b04883

SHA1
daffc8a724f76bc2a8efb10908de466c2c116dff

SHA256
04e796fcbb8033fdfe20906290008a21a210c558e9f3ce35a6e14f2b33df0811

SHA512
100e09c0a0a9229ea76cacd97916b4b91556af10083ef0838a7f386a3d43431715cc323e8467ddb3a1a7f4e598893f263044549d37e4d13de3c17d028ebff7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc904005483b162d06676a8dcde43c89

SHA1
0a9e74e9f12bb72aafa701d6b15998560b2237c8

SHA256
4a92f2df85398e4ab57048712bab74b4eb394916ac9ab2dfb15d1f463e8e7f12

SHA512
bd9c34a84968f4f57904e407b6bd36c566fc2edc96be0c788aec9c1df9659c21cd376a729635f3319ff1d5208719c27e3072ce84d6123aa64742518ced6b6c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acc07dea643b754b9184aa6d2521dff4

SHA1
3401352ee50bddcb918e83be6620e9cda0f6ecde

SHA256
c4b0ba7b80e021b7b67d0a68b6495c1c0ab2f11da734210d8cba0a217e4bd85a

SHA512
08c10cd47bc8644073cc95a46868bb6937d3662ba75986e3603174e936a6c1b998f26934c326f8c59c643af3797226d23913d5f187a5af87a467868e2e97660b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
0e5660c4fcacac419f87b39954e2302c

SHA1
890e4e9ebee3d6b27743e9383b68335cc8ce1d52

SHA256
818be7500e529557d955a78fe0e32013cb47fa89ec2d07e49303ba91366751e1

SHA512
e73ac1a32f530cd80cc4a4d6aefd1a6a10ea4a8590fdee4b7b48648154f4c5404f88d2a14b1134e2204da72d20a30b56a6a60e740e5a8d024296ca8e70f2d22a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5b44e88fa1ee488c690c01062b60a3a6

SHA1
50a54852081dfd4a7718fa04bf4e3f77c47e1e63

SHA256
962c0ac12a1287f58d28dfd1d6b2c8ddf5e372d47a2176cdde63c615a41d0889

SHA512
90c94981d09ef6197129a755f65532c287aec6512ad53dff0ab91cbc9e94bbdacc0a007914e408f229c5e9942900a7e3b5fc03e2f5506e55d1d3b4ed05f2eeb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\3877292338.pri

Filesize
162KB

MD5
0d02b03a068d671348931cc20c048422

SHA1
67b6deacf1303acfcbab0b158157fdc03a02c8d5

SHA256
44f4263d65889ea8f0db3c6e31a956a4664e9200aba2612c9be7016feeb323c0

SHA512
805e7b4fafed39dec5ecc2ede0c65b6e103e6757e0bd43ecdce7c00932f59e3e7a68d2ea0818244dfeb691b022c1ccca590a3f4239f99e1cd8a29ba66daed358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\810424605.pri

Filesize
2KB

MD5
a2942665b12ed000cd2ac95adef8e0cc

SHA1
ac194f8d30f659131d1c73af8d44e81eccab7fde

SHA256
bdc5de6c42c523a333c26160d212c62385b03f5ebdae5aa8c5d025ff3f8aa374

SHA512
4e5ba962ba97656974c390b45302d60f4c82d604feb6199d44e80497a40d0b0a9fd119ca17ac184809ca0821ab6813292892c433ed7277f65c275f37a96070b9

Download Submit