hxxps://www[.]verizon[.]com/econtact/ecrm/includes/html/vzfwdNew[.]html?app_nm=MSGCTR&env=PROD&destination=hxxp://test[.]flarefmstereo[.]co[.]za/test/test@test[.]com[//]Verizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307

Analysis

max time kernel
600s
max time network
593s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22-03-2023 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.verizon.com/econtact/ecrm/includes/html/vzfwdNew.html?app_nm=MSGCTR&env=PROD&destination=http://test.flarefmstereo.co.za/test/[email protected]//Verizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239945893818768"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4292 chrome.exe
4292 chrome.exe
1740 chrome.exe
1740 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4292 wrote to memory of 3212	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 3212	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4180	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 1464	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 1464	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe
PID 4292 wrote to memory of 4424	4292	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.verizon.com/econtact/ecrm/includes/html/vzfwdNew.html?app_nm=MSGCTR&env=PROD&destination=http://test.flarefmstereo.co.za/test/[email protected]//Verizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffea8da9758,0x7ffea8da9768,0x7ffea8da9778
2⤵
PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:8
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:2
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:8
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4596 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:8
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:8
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5628 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5332 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5348 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4520 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4548 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2472 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5620 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:1
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1744,i,8705982945423098329,908906355193865726,131072 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3496

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
0cbb56808faaa1a7aa802fc9228629f0

SHA1
870b4002a44c2ac1bf9630b63cc71792ebf1c1ee

SHA256
aef3865db2162237e33da8e5588e0c98490ba8f938a9558d759c6faa8f31de5e

SHA512
ef95c0f99b6523c502c7b76bd57cfc8e5f7698e7866ffdc6beb0d98a3a6081653b8454d8fd70c865ba87c3d959ce4b36b22c9390fac992445b3bd0beaff031b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
880b574617c7f6e345ff87f2195d73ba

SHA1
9573fb389134411eaa0fc11633f3beb088edc218

SHA256
b6b87401218db622b6087d75be24804a590cc4696c50e119813a057ba6626503

SHA512
4e888b7e9bb9dd52a7bae86b8e2c6b0ab9e7e3358be429c04448db12b322a1775915561663957b6a4ffae813b5d81cafe61f5be5aeb0b2b33fb8559654e7d1c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c3372e2ef051dcb4fa7347b8f9e34475

SHA1
b773a9306c5b84d65e7946b46ab75dd604e3ec5e

SHA256
121dfa9c0e869b3736e67375892bdbce0a0c1c3cb4380a4ca06869aa125f6bf5

SHA512
d6ac74250f7628bac0dbbc4d3d1dedd7016d3520c80bef74235931982d95e4a43386664bc7de9b7aa88e728de6fd1b3752ca4cf805b9a5a379e8b912539b42c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
a6ea20ca6af81766a24658fafb3188ee

SHA1
8748b77609c81d5a63fd445bc53a9f1585029ad6

SHA256
7ffe3774bc862ed781b66b6429a505ccfdddf1f53baa0d6a3331f4b3b9bb3fb1

SHA512
c371a985dc08bbb9486f380e08d05b11b4cc3d54823f725796b6614993937fdc6a9ece2ae782ea6274eacecddd7dbf6ef625cfcf80865ad1bd23901973d30bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
03a5d5efbc341809b778e022aec84161

SHA1
a3108215987e0401ae55b5ae28daae55c6227e34

SHA256
80a32c2dff366df1315285d3ddb479d8e144bfe8d1949190755b2aff2ce802d5

SHA512
7d7f1172e621ac86cf37db512b1412f17a5c4c5ed991a1e997ba694df902b3b4a31dd67f6613f6da2b0d5364de8d66da88ffd630fa0d7b76712eeeb33f1ab4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
606b6a1effb501f02fc9e51b3a8eec13

SHA1
ba4886b8bc2594b46c7b19b268a9aedb4064393d

SHA256
be73485d30bb1e1c44963b020228b9201a1866957ebb312b9b61b8aa1773249d

SHA512
64835d2f57d92515700274e68dbab35a76b97563f416a095aec16cb7faaf96675178696a684e3e7e83018e5302bd88bcd035347d31fddc10dfd93507f217a52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
536B

MD5
3f32f87c7d4a19757cfb5db455da8520

SHA1
0819a66009f7290cc5541ca52d1a310c74d5dc9f

SHA256
565624dc959d93a50fbbe2f5e6014b49bd6e03f7a7717127b3d25a0766fa8e54

SHA512
dae4d5b5c08639a171c36ad7e8da9e73715a4aaf7146666353374f95e497acf4c421dc209bdbef8f3dc34aab6fad56420a868cc6dbdfce46fe0edb1f7798fc2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
703B

MD5
840ff8364e900f9a5f6233e89e180201

SHA1
fa7d7931e40d54443c8b4029c5ed95b38f5f9d43

SHA256
c7b0b11dc268a31e4fc2ebd8723b2c45184b119b53f2aec933cc911697403e01

SHA512
37877db843fe053803d4b8edaa8ef94d0733088f85db0c7dcecc5dcdcb300abda699aa462c3d14f8582e21ab3af332239ee899dfde47645c275c7922e9ecbb35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
82de341474593cd14e9da1a522aed948

SHA1
f8e19d5909147fee2e135f6c6442789f8352fca7

SHA256
60ce91ee8cae7f9d8dc0fd1ee9937b31c64cc938781dab4f252055670084b307

SHA512
d15338037b70350b6e886635c394047fd7c03e033f83dd1a6e0ec1682de728978ec8c69abb44765f31045dd3d564ad4afac666c95246e7830e82b27df0f3c7d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
701B

MD5
36a74733c2cb4addf5575f8c913a07d4

SHA1
0a2c42c1539017aac9613563778c4e3f88bfa7ce

SHA256
3e6d002849d4111367ce9a7a0f6d5a4625573797670cf3dcc796c1cc0d67dba0

SHA512
263d94f7b33e1d5db2b8da196d8f8c2c95a7eace525a2f19d727b54010bd709d6d4c4b9a4b3f15d5faed91b7f5b7aa3064012da45af4d858fb2f2021299b3532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f00fdd05e073c4c561f43327b974dfb1

SHA1
14d26115ade15a0e63c93b22d9c5369b3fe21589

SHA256
a66a8dfed118caf8e12b2aba25df438a68bc4a0771b856ac98ecf5adccaeb3ad

SHA512
78fc4b17237921721100c8955e10044ffe395a442d1a3199c91fdad81e7ea0a9591c375aaf8be5d0e4192a9e62e751056729235012cdefce029900d55350d52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
016551021258a6db355d5f2bb18cdc73

SHA1
027f5a7fb606cf05f92dfbe22cb6259e24a49f69

SHA256
0d70831967b7ce06ef1d8343e76af839d5a516f851b4c087e25bfb1ef8db7fab

SHA512
618654fdb5c814546a8c717227c14edaf926678dac36c37ce2d5f61a6f3429a93b01c411ca5743badbc4f9230a2acd87eb84525607691e119522bca5f8e2d543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d8c60bc9f45af9e2a1a74ae06855b46e

SHA1
ce43abeee2d5cac397c25a7555a8a5f561dbddcc

SHA256
d7d16f514bc3c8e582c1972087d592868fbe2e5fd10deb5a30aff3ede7df3e58

SHA512
548a854c4a20875f06f2e2d82cb5a6f37b54550ba12195eed8d3343bff0fd4769383a24e0206ec55f1ac4988cd587c5cffc3a5349f3b4579992b47b2cc25ae5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
694827eb9afab600449378852262915d

SHA1
79d78a1398334d2350e990d0abf811291ccbe0b8

SHA256
d5d746753df6601d6d4bf8784fd7a87cb36cd014c45c2050221e04af8bee81a8

SHA512
450d15d99b6959f894833c13934acf160c6c2cf2399fc3fc6926220583b6ca140d7a176b22574ffa706eea71e35f97b21ccd0daf61be9eaca1ed1fb9dd8244e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
5ae4391ecea744210c9721ef881ec5cf

SHA1
9d7b620e6fad6961104ffb37a8be7fbb00882da3

SHA256
5c81eeae55ea6b45ebd5df644e1a3541cb2a51fb9a9da24364dbd872118e25ad

SHA512
9a7a57d27a2a0bb9256a19514a554a98f0723a6f527e79e8f049aeb1dc6c89e495a5990f95696232fff2ed3839620b9a790f36fc0fdf06c1467cb6da45005879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
baa7dcc7fd374fe3cf5f0d5bdd6bc360

SHA1
042c62c77be04e6be1ff5506ff3fc66d022d97c1

SHA256
ff3ca09e805d8d900884c23e774a9a98a9399a8908e22f20fde27992b512b3b8

SHA512
e94925262fd7d81d7300f6a39b3f56a5f5c41f41462c545955bdfeac789f31583bb84270a791221aee42f0045aebc0bd71238942fd13e05f1dc39e19bd5f96e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5947cd.TMP
Filesize
93KB

MD5
a0ae66cbbc6d03cc9935cf468b715c2e

SHA1
796647e31a96b74fed2118d94f7f8f46270d78f3

SHA256
cadaf59b19bb81090f7564936f873fb7530a09580a29bd444f6325e252312b3a

SHA512
1069c6aac024e8893186c16185b76441cf3471d2de498d5757988c3feba4c6c6215fb8151b55e797d19f8bdec05bd27f63bcbb0f7b581cb2a344e4bc4d23bde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f386bd14-3344-4344-96ad-e61a4f24d73f.tmp
Filesize
144KB

MD5
26c68d4adec61f75780d1049bd43fdd6

SHA1
c5326acc5a2757d51b2b0767220facc07153d8c8

SHA256
38cd4174db31fae91532a54c5896303371fc263559fbc0f35a492e1ac62f6971

SHA512
75475310c307ca24eea26d592b9ea7fd3f3e73da156e2bfec285d351220d8f169810386e9e5caf219a0fc5b061102c4e2a73f724848146edf8d39071d1f8137e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4292_IRJMAAXJGDEYMKES
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit