hxxp://google[.]com

Analysis

max time kernel
900s
max time network
1588s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/06/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637252905457740"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
1716	chrome.exe
1716	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
1716	chrome.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe
3092	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 4112	1716	chrome.exe	72
PID 1716 wrote to memory of 4112	1716	chrome.exe	72
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 520	1716	chrome.exe	74
PID 1716 wrote to memory of 864	1716	chrome.exe	75
PID 1716 wrote to memory of 864	1716	chrome.exe	75
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76
PID 1716 wrote to memory of 316	1716	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe30759758,0x7ffe30759768,0x7ffe30759778
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:2
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2672 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2680 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3784 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4576 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4968 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 --field-trial-handle=1784,i,12292960498920287999,13719000654565663545,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1808

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
792505870a6bd00c27a3f460e997e445

SHA1
93627beedcc09c261fca58b1d37bb45ee6640293

SHA256
a3a1c9853813d2c857d9d5c587c78fbc681a6cafff0a4fda30ad6145a2ba77c9

SHA512
7a8fb0de9e66d526f6de8b660e21c5ab954f69df3551e7f79680f4218d87db9052d374bfdbbd6cd9a95737d429217b25aa7f265317cf213e6fe44af1efa83b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dc728487b1d91696204e512c89e55746

SHA1
6d6e0e3b527aaacdf522d4c12bffecd4fac3dc73

SHA256
6148601510072fc8cba4e7e49c73b4a365ba98917a6fcebdc4f418d075b6748f

SHA512
36073fc3e8c5dd8d75b4673a0826dd63c2acdcb82faa10cec5b9edb0047f0800d18fd0c3547005ebf1f4eb8f0118bbea7f2b0c9696cdf27818e300a50feeff88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7508c9a6ab2c88eb9fe16ce1b8ca9563

SHA1
33199a1f275a0433aac2e03f3aaae8cfd72c6308

SHA256
a3a60bc0cc3fcb751d1b7af71f561c4d402adfad203c07a688a9895fb34b65f8

SHA512
62488b5c01631065a642eeb26e29fa9d9f9e1e5f6c54f0ac66de4d3cc819e09a73c35f50977b07b0bbf0cd756647cf41dee8a1f1c28c7ba7818c9b78b6304c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e484cc1d2da708ac392bd79920ba603c

SHA1
07a572b00658430ea1c3e198b6b6149c1dabe1f5

SHA256
0155f86f8aa213d8d49557b69a5842113bb52d5ec782c74b5ac616363f60e0f0

SHA512
a5ee052e4ad088aadd0ce9b3b99f6e77efdc6f5d2d97b2b60fbd206ca94993d4f6bc0157e54b35e0d5318da93fe544bc7128dc16d8e61c236513daa31e3f0bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c093105fc0674a7181a3252236173085

SHA1
abe2f06ffedb1e03d3270b3dbbffa8fb26465913

SHA256
a3822bed5a9dccb0d77e14732f2c0e912ca193bb4a5753b20f9f4a8b2c3a4a55

SHA512
3d8d67c22fca0b5ccb23f437950e1ae07831bca6bad94eadea21db4f95b38439fb69c843faf4d6e3469db3ef6f1530612b9d724e3911b4c4a8a740d9f0bf0a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7bca3bae1dfc4ebb9cf5817ada2b84f9

SHA1
946c378704540be8feca9d7b73b721558877a282

SHA256
fd60b1378e0e6dd250bd487ffce24337bb0a4337d44a764d99e7a152eb53786f

SHA512
0cc12a09a3d9b4c12b635a77af1bb9bc64850072f5306f317869f95f341866fe484eb81bfa7e3ba130b59f8146a8fc34c6e3b4b4cca20d89c418aec13741faee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
728c356c95fde0c3dc44f0bb879ee79f

SHA1
f88ef41ab22cdebe946fa80defd1520cdfb6739e

SHA256
c0dd37bcfe24993abd957b9b785b8cb18b6e251ea1d022ca54e04dad5961001d

SHA512
2708ade7845b7019a2e0cacb4d398c00b055c9f987d8f5576851c4405ed8957e0c988958d6c765e47515e8b33fa99f3cf0b68a943defb9d226c763b781d879c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f9a638ac15c0dd524df77c8164f85a3

SHA1
4498c4950182383bd4582acbab06f705ca86564b

SHA256
1359df39677d69741384951a9900b935c3ac229848989f29776820be61723376

SHA512
1fdcd3edfea5b0898262123462e9efe1dfdf8fae76dbfb4dd62b9d6a59f5223ea355a415552a4bd9f28786bf5362a28881eb770a3d24dd2fa8360b7d3af2d311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f0bd30a0955673a0f05a879ed5c917d

SHA1
d6d33eb62e48ed23878d0debccab765b32565127

SHA256
f679bf1cebf6dcc5b3cd190ca683fe7521bee305b1dee69f4802e889bcbc6bc4

SHA512
abc5141a030368aa7d50b8decc4994da71a7ffc3c6e7f8f1045286701a346d6f1c684c13386fe69581217f2143c3cf566af834a1bb6217c4dc9b295cd1abd8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7e09e4d921b0c5feb608c2e9530b729

SHA1
9e0e77969b70015fd73446904e5f8a572fe2cd3c

SHA256
2b47459ec950acec9811880eeff3c0a909bea787058f858442eda45f455d9996

SHA512
f1f6345f95f5d974fa19b659cc5b56351736f42d3d2c38d9811cabc02824681162309a5070d525debfb6ea6f6a756b34141e715561674775cc2f2d3cf36c7e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1d71e6e32bc574e64cd27d43c23b0ea3

SHA1
63b0c89c6d1bf79e78d4ed0ed31ac73b3b886dea

SHA256
dd8d92f763f512ee1a634121138e4bf744ac4f069e1f0d2147af07535b390d6f

SHA512
ea4db406321eb25810c63c627126ec8ce4ef72fd7a181e2f4982ba4633fc63d86d4939749f4f0d51344491d5433f0d17312daeabdb121ff8077730186dd81a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bee9cd315d0ccd2fd04fb0fdcecdfee2

SHA1
a3d8b5683a9ea29fdcf524b1c919af6e24aad613

SHA256
7b5726dce6cab2eb3d8e597d8902fd5222c5c2b46199713b6f89fb5da320932d

SHA512
a0a87710029fb4de4d66a1c7adfb5403e57061dbf102f9fb976a26ef6edf7046a0684001a19cf01ef9e1caf3ea2eb65f28bc1fd8a3be658c2c9a3bb9df9e683f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
874711a12b100261ee36648fbb93d05d

SHA1
3e576ea0f9114fa13a9c714081e17d0f86342365

SHA256
7372668a65850635e8d7d09ff36b2a3a32d6b48e334484ff4bdfb51e2bd57442

SHA512
4146e6897aadcd7b036a343a9365028cd87196e0ac62dfd85d01844fd1d2d2c24c53823ffc3b10c169d152e429e73c77312f49379a5700e50e6c01a7c7d775e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5848fb.TMP

Filesize
48B

MD5
fc641074bde81f06d1c263b6160eb887

SHA1
044d932fc0a1be34a4d8c59276abc17619aef141

SHA256
7ef6770cdccec3051ab9d5c30e0501fc9a6457a5ee69a0c2c333bc7f7bb453cd

SHA512
2d952c3a4c1df2458b04360927567d16961705d66ecc32edd994804c0d3fdac6a30a732cfdfd4f8b6368f679128ff9921c9ae3c06c1d45aae7196f20fafb2932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6c3e290bc03633fed3dac52b01997735

SHA1
aef4cefcb69633be1fbf842586080e1e5bf9390e

SHA256
8710c1a38a29a9e571e2c1fddd17effc63e7f1288b0646b7595121cb2e96a033

SHA512
e3dcc970cf141e098329759cbfa89a56e6e354b4db171acf6d4ec27703208e6c2a5691ef94194bd35500e68faa1a1a375d539cc58ed74dd1cffec66b7c2f6077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
556dccc2c522847e4c2122a3da400b6b

SHA1
a6806ad7d15a1f1b3bf8a5128ab4379b25129435

SHA256
567d549c27e6e8dc236a32536ba8eec0d7c53fc28db55f278b0384bb3217f2b9

SHA512
2f70c3a5595c2b45b1fb7d604badd2040216281d6d3c030614ddeb603fc802c0c11a877aaccd36bafa7b9e28c12755ee86591ca5ebe6876e58f7e86e6406ce46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
ddc2fdcb0e02679571e68505322a64a0

SHA1
8bc70770add4e41c4547ab7913f0d6287dd2236f

SHA256
38c96ce9f696d9327cd8b4b0202f081884e5055aafa16f81f4bed3139a02e51b

SHA512
7894dd964f3bafb1a9ad83178592131486792ccc4182c6d1543a59775998f23d45c0cf99ec818efddabc011f0220958d0b2c686746b3931a9552955c62924fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
123aa550955ff4f1dd72fc0ca0976738

SHA1
82ffbd5eb5b72c940f313d4c8248a14898fe5acb

SHA256
eaddebd6a84ff60ddeacd41da7e4aaecfff33870d7f60a92107e15f30af1f487

SHA512
782c0f28d940924aa18be19787a5f3f5594d2d437a5f4bf28c5971b2c72407ea3efeed93807e0dc3653fc450761fac08dc4b8d78e40382d9c4201266a3659da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
59550db2325fd63918649ba1c681fe60

SHA1
a71069b5eacc6b1388fcc6770d0ccd89a1d63c66

SHA256
f4cb08f744f7bf6e8afdb7ec3ee5ca581ac178d9ce5adea339245d06556a4e78

SHA512
df28381e39ebae5e8bbd80ed7956e8b8971857e80e774457a8f304a1e6e26ddb74031fb3858eea15c7abf7d3180c22e839863a6be4c801fa70d92e98f94a173c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
a60230cdcc498dac5e8e14fb5fb39d62

SHA1
89b288983a77c424a387fd31c36310ee0eb8a5b2

SHA256
f040cd15930134e815d00a2b149413bea0bae010b3c8278f5f205f35419873f8

SHA512
1bfd9462f7fa1ee2ab1a5c39ea033c0c8f8d4c181f81f16881ddb68781bb6da5a633050b6b9e9a03498a8831e737680ddc104baa231e0c5f553093ee5d4f9a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
f1ced569a879d5124b2a5823f17affef

SHA1
96cbc207146d10bc9b61324e801aa4894432bc6e

SHA256
e9b03550eed448f573883bbbc4a9ca7b7bc5019da66d799b886b3b073406b680

SHA512
757eac69349c2a6800e84999da0aa9a032cd321f46e26fe527dc2434086a89b46e05c4d8502b39321c6dcc266110994f3496a1e8d36c76a62dc9743d6f87ba90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581eae.TMP

Filesize
93KB

MD5
27b2353d53202fd9aa64944f555e1eff

SHA1
ad88295acd702d8290e1f6b62a6bd0a1845cf5c1

SHA256
c564d984d3da4ef4b43a5e89a1b73b23d16b413f8f105a152b6c258d2bef5e25

SHA512
27c1bac476922a6f723465e801259cde783095ec6342e29f8f919c85d61282d057d2ef00dd6db208168a8ef46af46e998f4c57ec34572084e371168b245fee02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit