hxxps://github[.]com

max time kernel
127s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133497982299746110"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
4560	chrome.exe
4560	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeDebugPrivilege	3144	taskmgr.exe
Token: SeSystemProfilePrivilege	3144	taskmgr.exe
Token: SeCreateGlobalPrivilege	3144	taskmgr.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: 33	3144	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3144	taskmgr.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe
3144	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 4944	2008	chrome.exe	17
PID 2008 wrote to memory of 4944	2008	chrome.exe	17
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 4916	2008	chrome.exe	70
PID 2008 wrote to memory of 3656	2008	chrome.exe	67
PID 2008 wrote to memory of 3656	2008	chrome.exe	67
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66
PID 2008 wrote to memory of 1972	2008	chrome.exe	66

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffb63609758,0x7ffb63609768,0x7ffb63609778
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4912 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5216 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5780 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2692 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 --field-trial-handle=1896,i,11181919092745653640,13913602146184061796,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4456

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3144

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4776
- C:\Windows\system32\dashost.exe
  dashost.exe {9234715e-bfbc-40c4-9c5f7694ec48fe66}
  2⤵
  PID:3396

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap28491:100:7zEvent12236
1⤵
PID:2780

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SilverRat-master\Build\UnityLoader.js"
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\869be1f4-fe91-479d-86f0-17f06a41a8fa.tmp

Filesize
6KB

MD5
1cab2923e57be25d4f72bc8d5821c647

SHA1
7bf13c952e5f7c25d7347bf3078dc8d0e53743c2

SHA256
86130d10e08afc783f837696ca05eb3484e536a3859405b81f835a99df6aba24

SHA512
089929c1d93e844110f8d5ab1b3c5b2bc462e4dae684417d4ae6117aaabaadb64ccf2200621b67c88c130441ab81bba0e75ce1fe88259fe2a54f5f2eb1716496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
d91f943e1f23c27776727311a3548440

SHA1
1a72a7e828a02a5abae0f25cd734cacb14d24943

SHA256
b90e4be76583bf88f947a8063468b7e2013bcf512308c39c911bc39a50487b6c

SHA512
f0f9aa423238d41d91881c3cc5da1aa18f91ffe07b13f55f606203169366bb0503f7d5a204fc0de493159874da572c8adf5ad31cc7f4596a5e2b262e1536db95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
49KB

MD5
f7e1f7ebf7b0772a26bdbcafec40ebf7

SHA1
86c0b90aec6597caed8ebcb28126f4b536ba03e2

SHA256
1848b05d00f9d60f36980cecd03faa1036b4393759da3db21a012114159b64a0

SHA512
9bdf66a8376de92f9bf452366e6e3cc082e3ab018c6ca4a8fb8a3c5bae40d004ee3cb355a371b863da0b422a58e1b9e3e5a2bc94f20a32ec25a9b403cc64aa3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
43KB

MD5
4fd087eaf4d9cacbf15f8edbc548b462

SHA1
b52b5cbef12afcb18b344b9ad28722c1c8951145

SHA256
3b5c256408ed4812e211ee7818500e58c39b1b39d8a447e717e166f101db2456

SHA512
12ea7f3b3932f93e928d63d2ea6e48dc6f3a626caa1b99ab9edca71cbc463f503cdccfb303130f71aecab08ac14d954b81e6dc5048f625a68fefda41466770be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
18KB

MD5
cf61cb603b3d438c1808b6d5155fc7f4

SHA1
416e348fdf9fb0e12bb73b22904a5ddb81dd0334

SHA256
d30e801a068a9f6b6954bef011ad83d48fea43ef9500f016227d207741446b26

SHA512
dc1fbb06cefb5df7467bc1745b81bc0a4eebad2f0f9a8678f0e887a929f081813dc0646759e874f3dcc8d2731f9e16c8cb0b2a23dc53106de3b4b0a686223da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
be8faf0cbcef9359fd95951ebe419c2a

SHA1
98d2839c118f2debd7ba7220e4907dd9794894fc

SHA256
563fefcbd59278ab44ae39115ea2365be347fd6625bf831ecdd1cc39123e29c4

SHA512
c6dbfc3ac881204ab6d657c24d35094cb812e7d036e1a47ef6c8f40a18c430943969d52ba1e154616240c3667759c84371dd7669059cf536ee2be010cdb65536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fa150b4a6052fbcdb91262267bb6245a

SHA1
c0bc7d57065f1ed8625fac6077e54b9e323ffd86

SHA256
6a849bcd20ec9386eb707a3e13795b4f77a56c95161eae1a8ed3dce9b884aa2a

SHA512
2510a0b21755fad5901559457514489cb6bed279a23d7b19079eb0debe56cab23631acd2a9b2b5b01a1118322d62cda8474af5b7cac8359ae9b21b92f4fe4d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2ed61ceb12841c09468b171551875c77

SHA1
a37d61c161a91881b106a2d60cd14b2260e8437c

SHA256
b1351e20e7c8e3f278aa8dfa6f3f25937dc7ae179ff0295ac677f34971b49403

SHA512
884846c9ea60264d96a7476edb30797ac8c6ae8163aaea5f36c9c9829e09440ae2092b3384015fc85dd681769f6151519fc0bc9a3c3a8715895b724883137bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f613e38ee0acb49b26a1dedf7c03b9f

SHA1
75d2754868fa2d99a4d20fbe318599a00035ce8b

SHA256
99d30ae044aac25538c6419c2f7e811daf54bef9bb8fd356065d9d878f6694c1

SHA512
44a7fd105cec40ae19632302a33d247132a54fd1bbe6c10914dd08ec046f8accc87e25bbfb88a8fcdc9ef5caba43d64525dcc99d11f7b67e82dc80df214ee914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d30d739fe6ac3aa5fe9980e303d35b0a

SHA1
a1f681f5cc86e2e36fe49debd17ca705b663218c

SHA256
3ecb863813c86d65cae4d68794ab8efa929ae202fc90d64f4e6d8859f275bd7c

SHA512
7fe8428b1580958e75a5ce757c5a05b1a9dc0cd49e37a37e2706e06672b0ea17669a26bb1877183a3c2ddb2451c5367057d5fffe9cf6b222b3442e93fdd6428e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1bf02bd862881e77f107e3b3d019861a

SHA1
ea1543a5e624eb522b373106c6e6962089565191

SHA256
c63b1fce4be4c119b4a0fd9e42b90c4edd81d977a75fc4ccb805362ad0f2d9f9

SHA512
db822b57642f8a0b157b1b5d35d7312b5e3784223ef9eeb27e65c545c1fbd946c45224093cc1de55fc8a4fa90a41101852dca0c35874e21e81d86fa40c3fc8fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc17a49ec7a6ede7e29dbd5f9c54fe33

SHA1
e8b8563b577745d27521bbae0a6b377a085dcf0f

SHA256
1b01e3df8e3ff0bac42afc881aece11f15cf352e167d74070ed93057f0e47b64

SHA512
dfe2cc98420356eb7a685741d060cdd35bb261f81b6b4889d1dbead1ea4721d4d011b694b5d0f49f49e086b45c6f01bc3bf65bfb0620d080496ea663d706dad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e39724ee768ae66d61986f1addc42fc4

SHA1
52985ee137e91b1494d7e06bc99441b5e46d9d91

SHA256
02423c03637638656c4d15395ba46e703a07de6ca4d18a8b44c8d545e6e71f0a

SHA512
3b08abf911e2269d5cbec1222522b7e39e77abbed2db2f208985ab8c6db79a5afe2c278938a0d2cf11a9420ec24a8e956cdbc2c0391ea86c21823ee8dcc478ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f94db240d13ebf600e9e527f0857fec

SHA1
a4d1b0142b784fa77429b9c8c3fa84b8e9f7d9b9

SHA256
bf17567fe330f12cf193a7f101f315006d6b9b5a63df3b5f818f83e8571c822a

SHA512
9cf4e15126d7fdd54f1f72f21b950f3e51afb2a61426a0611fc0ced159ff815cdf7e78207b826932a19ad702befb887968245accf7b52cfb673253ddc02816f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b96e10697af5eef915c14cb671b4fef0

SHA1
c2f1bc2a4fa75cb1997ddcc817d582f3352b27ed

SHA256
91739ac8b977668e377f51940bf12e3d5bea2aaa0d2e0348b93afa0610399ee7

SHA512
787e061faf78b1c97232cdfb3f7c120684022609b99a53dc02a7196cad7aae66fa6a22f46c80c2fa219084555a01ff9a7724de115027c935b28bba7c79924163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22713fb046bd9224140c5bf5ba2e8de3

SHA1
ee6266c7fcebd86e95a149b8e9e2ebda04bfa113

SHA256
a8544dcf97c45bcf749c0e52120f15d3e7632736a46a29739b3dd749a51a304d

SHA512
729d9cbe32eea6d36a298b225cdbc92e27e9887cf51fdbc14df6b842ac28869a453792fff1008dd741251c15fe91a216c078cb9c9cec952bde3e9d9913caddfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c27f2c45385bb20881cf753f5ebe9de

SHA1
1fe822c78131353364fa13dd671bdecb07b567f6

SHA256
0336b5447e87543fd062e3b20826bf3f37aa522cbcad156a3e7386bd3ca54a2f

SHA512
846ca581ee1d6dc2bb09a7762f77a332de1aa05942435900197e492356d1803246593a934862c5f0060e74d37dd0919f71e9b4d4a8b6dba097df0f2164faed67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
504f65445d7d260ebc813b06690cca8b

SHA1
7ecbd068366a13643ec2dc5c164c16358fe2e9c2

SHA256
1863abd332129355caa09f519bd699c5aa376dc26466bccd2d36fa79d6bacd77

SHA512
6d7f23da6088a07309830162dc4ba43c082ad6d59f440ba02ff1155a32fce1e25fbb9230d36606adcb10a7597470b5453d1269a74c43aea9ecc4bb65e76fc299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
2397262df4d9f441a9bf2dbd36152a12

SHA1
5042ca0b19fd3bbfe6864ea80a9fd4dfdb93bad0

SHA256
55ad4485bc22d3009c87b6b22d9cb7dbd7daf6d866d6a08ecca421f2c8f97d23

SHA512
08cda5f229b6536107223a96a84a937308dd4f81df7fc44fa9d0181d44a4fa228ddc82166f0a77022c74a3b2aae6852bf69c4f409aac9aec43792af68184d9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
f76d354650afa8dfb62ea1d5ce6a1cb7

SHA1
22e679aefe8e3e9521d96dd1f689434b431e7f3c

SHA256
f2a57c16648926bca92c5382a92be7324c7c66ae99a14e3dcb3759aea9c8842c

SHA512
71bf7d409f0f3eb80a3182e7c7ed2bde1b9fe1236931979ade7409d30b72f8ee3bf35ec122c0ab8e5dcc34661df2762f0fad57873222d532902c3406047a0392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
872f2b5f172cca837591f443efc2cd85

SHA1
01fddc34120b4fd6ac0481b2837825af3f96d240

SHA256
72dd798b96b75be47327995dd5c75c778d34b2c18a2163b01967156e135d6ae4

SHA512
cad635ba0dd398ae08ac50d9c67c6de4ac91c16105a971462d37d5913e45002aa9656eb94eb8791f305105bde4fde816f3cdb690991c1503e8a4934549b19678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588855.TMP

Filesize
96KB

MD5
ced7ad6ebe8cda567d1a170a9dca6b50

SHA1
9522d5fc426509d9b376272a97d0c7687bf71b78

SHA256
56f9d68815791d9a89f058d82967858185712bfd5c5ed8a5c746899961fe5d95

SHA512
6c20ec69c9190bb65e577896d739af427cdaf520bdf359fc00d872a6f69ebab34ddb0652fb5a2c8134de42fb64b7e0f279ba089ba68be8bbb2cc4964819e2c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\SilverRat-master\Build\UnityLoader.js

Filesize
155KB

MD5
9b952195ab79ef94f0feaae8cbb8d8ac

SHA1
c64d916930160e6d7e1efeb4956be24758f73f23

SHA256
3c1427188a1089905065b81e6bb0ab04f55ea50f17623e8828ca3e46a7ece73b

SHA512
48c19a8fb74490eb2e1e7f64c18462502f79c0d9914563097252d87a3268b2b92decd521ce5c6b3707bfbc389b7dc06071c94fe5e36d2162bd2cb80187fd1591

Download Submit
C:\Users\Admin\Downloads\SilverRAT_1.0-cracked-main.zip.crdownload

Filesize
2.1MB

MD5
1a61c386975a2b878f37d932e7ea2263

SHA1
6d0b77adbc41b6044d36f6cd8b889ce1fbab7f7c

SHA256
aae87aab51c4efd5d50b41bbb7227a366a9cbbecf351b74a14f6355321281edc

SHA512
6d6b070e817b8a3b75d0fc003891bb41a0ccf88a1559bad05306e9fdda3c1656e20cb8ed595cfb6cb2f7156081f901518be351244cadf082c16d6cb5b67bb528

Download Submit
memory/3144-165-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-164-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-163-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-162-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-161-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-160-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-159-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-153-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-152-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download
memory/3144-151-0x0000027690300000-0x0000027690301000-memory.dmp

Filesize
4KB

Download