hxxps://mail[.]loraincountyhomebuyer[.]com/bro/index1[.]html

Analysis

max time kernel
408s
max time network
425s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mail.loraincountyhomebuyer.com/bro/index1.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	firefox.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2444	chrome.exe
2292	chrome.exe
2292	chrome.exe
2144	chrome.exe
380	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1284	firefox.exe
Token: SeDebugPrivilege	1284	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe
1284	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1768 wrote to memory of 1284	1768	firefox.exe	27
PID 1284 wrote to memory of 972	1284	firefox.exe	29
PID 1284 wrote to memory of 972	1284	firefox.exe	29
PID 1284 wrote to memory of 972	1284	firefox.exe	29
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 2016	1284	firefox.exe	30
PID 1284 wrote to memory of 1832	1284	firefox.exe	31
PID 1284 wrote to memory of 1832	1284	firefox.exe	31
PID 1284 wrote to memory of 1832	1284	firefox.exe	31
PID 1284 wrote to memory of 1832	1284	firefox.exe	31
PID 1284 wrote to memory of 1832	1284	firefox.exe	31
PID 1284 wrote to memory of 1832	1284	firefox.exe	31
PID 1284 wrote to memory of 1832	1284	firefox.exe	31

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://mail.loraincountyhomebuyer.com/bro/index1.html
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://mail.loraincountyhomebuyer.com/bro/index1.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1284.0.539412699\1001606551" -parentBuildID 20200403170909 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 1 -prefMapSize 220106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1284 "\\.\pipe\gecko-crash-server-pipe.1284" 1292 gpu
    3⤵
    PID:972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1284.3.1028329850\264220565" -childID 1 -isForBrowser -prefsHandle 1108 -prefMapHandle 1816 -prefsLen 122 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1284 "\\.\pipe\gecko-crash-server-pipe.1284" 1744 tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1284.13.744508368\817316759" -childID 2 -isForBrowser -prefsHandle 2600 -prefMapHandle 2588 -prefsLen 6904 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1284 "\\.\pipe\gecko-crash-server-pipe.1284" 2612 tab
    3⤵
    PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaa24f50,0x7fefaa24f60,0x7fefaa24f70
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1140 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1704 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3376 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3776 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1364 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1604 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=628 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=972 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,1904300840486478639,2469011721637683423,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=780 /prefetch:1
  2⤵
  PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaa24f50,0x7fefaa24f60,0x7fefaa24f70
  2⤵
  PID:3016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fc80069047253d14d66fd16a255ad052

SHA1
8d3e6dce271e7ba912de2210f45a660471545c18

SHA256
38a76ddc389cf166479defcfd4317d44780584376d13350aaab69a6b5e96c693

SHA512
4e64e4d6d9c0a457ea95de1bbb204ec91d35e9bf1f3c027c954c575ed9be2e0cbdeea633f8f3eec8c235c27c9f99ed5aa502058037ce569279fc5de46900f93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fc80069047253d14d66fd16a255ad052

SHA1
8d3e6dce271e7ba912de2210f45a660471545c18

SHA256
38a76ddc389cf166479defcfd4317d44780584376d13350aaab69a6b5e96c693

SHA512
4e64e4d6d9c0a457ea95de1bbb204ec91d35e9bf1f3c027c954c575ed9be2e0cbdeea633f8f3eec8c235c27c9f99ed5aa502058037ce569279fc5de46900f93e

Download Submit