hxxps://flenditch-brinoe[.]box[.]com/s/vjxjfwty3orwa7cvj063khfyletzcqqt

Analysis

max time kernel
162s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://flenditch-brinoe.box.com/s/vjxjfwty3orwa7cvj063khfyletzcqqt

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240220254430316"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1580 chrome.exe
1580 chrome.exe
4036 chrome.exe
4036 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1580 wrote to memory of 1336	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 1336	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 2840	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 4884	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 4884	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe
PID 1580 wrote to memory of 3568	1580	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://flenditch-brinoe.box.com/s/vjxjfwty3orwa7cvj063khfyletzcqqt
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc97649758,0x7ffc97649768,0x7ffc97649778
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:2
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5320 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5568 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5492 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4652 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1708 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1788 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5772 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:8
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5824 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5660 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5860 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3584 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4708 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5872 --field-trial-handle=1764,i,16411153206310843366,7835006448334818412,131072 /prefetch:1
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
e9d1304ff578947c6f2cda98e861db59

SHA1
135e1d9de204937ce845ee0343bf26fc38816b7f

SHA256
49315c1c79ae680a45f8657aa368118685b20fe64f0bd75210a3685391b25d8d

SHA512
b2311c3f7599405453836b23bf812da40511f89e1cba8b73e25be721a1fa0aa449745bcaf9710a35b39bcf57a3efee9680d7ef64011f1621441bc28f1f42ba1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
e5ffecb05cc852ee7e2ec4e232baed16

SHA1
a41f26739b9e603da57a10a2bb193e629ca0e1fe

SHA256
78307df60ce43d946e5d6ed4ea4a29a98d5c9aadcbbebb0b9666b995c6f04e89

SHA512
3be09057fbe1bcb05df8018beb6e68bcf296c536978330f27191bb3a8b685fad69bf84a44894c9b5d6dab1f5aa63afa799f0ff7e387a9a5f878d9f0e384e96d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d83b57298e70fa164949716b6569f376

SHA1
5c9fc67b19e7147f4887463aee072e0a7a88f185

SHA256
4735afa922de780775bc96906e38a7bac2c743cf993fc12526976397b48b332a

SHA512
b839eeb951da0193ad1a9e13fabd90520590774552c49ccfe528f6b900a4f492f92154b43ba60cf8b567ef41cda5818e33940b8369b4fb300b2eb0eab78d316a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
fab1040fe91ecf60f0df763013b88856

SHA1
a6729808397604ae6d9a6d3ca1421d42c19d0ab4

SHA256
5cfc751905287773fed32fd752363d59810369e9e25ae84e30506c5baa5f0b56

SHA512
2284d71eef9bcb9b69a4edf2a0650f90ce7e0ddc9326202e0255f0630ec2bf0f01215feb7138d824795eda2f7d482176cdaf4cd9995a4e185d54e691922b1673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
55670053a365145f6245e04b81367341

SHA1
cb18bae80882257e1231a15537a54950ff49f6e8

SHA256
0c5a114060d1dd2c552a8204ddcd04e1583c3ec0d17bcc662fa253902ff36e55

SHA512
a801fa015ce47ca0f1a4584075766b2dfdac5ec6f99dd8b77bd025204ef6c0b323be70f90ea26193c780bc8301f9815a304014f6f2b6795c15e7f993db759012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
244a5a0eeac52b999c74f5fed77a073c

SHA1
42c8087870377d5e0c0c57e1cbe79598c3d971a9

SHA256
f22746c24c1f67ac2687b52dca041141656177a95b45efa7c0cf3ca6248e9b73

SHA512
36afbf20bbdf1bb97544d99bacea883caa708e01ddc349d2a9eb74347082a0303060bcd9a9faa5114f6823d76cfb6d87f29bc008d5e4cdd2aea35d10c66193d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f033db81510e58370c7eb865127fe82f

SHA1
a03492f06f97166d0c03e263cd18b31b26ef6f35

SHA256
5e866867b88726acd5cee09d18a061416e22ec207692751c9ce228dfdcd43ad0

SHA512
a71e01ca8d01575957fe81defe8c845f58d356bccfae009cd2affb53851257374ce0658a1d440fe82ee6b951a71e6ad95f9b688f575fcbd2b458efc8810bbe14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
27de0b0834a13dcd44c184fe7a8b7dfa

SHA1
b86c8175b67dc8ff1b135a438fba62269ca8e5aa

SHA256
e48435b10708d666af628c47a61e8abf4bea71a3747c3b1f2f3ff0207f06e4fb

SHA512
0e71b9a6ad0a0d2e624483690b22f1da2bb380c208e28cd4d069dc83fdd9b1da5707b35e63073864704ecbdd336bb803a3afb317b2225fc0d0250f7bca928e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ebdd7f9f06aa9d0bae8f6e18865aae91

SHA1
20b3f593b8a45d66a7f22872d5646e91eee87b7e

SHA256
0f26ea88c7d25bb32ebefacded619051be2bffab0eda544649465e5ffaf51f7e

SHA512
13f88bd68b16febd99e55c594b9b1dac72780a7c956f70760836eeb3ba88c5286b198bad11d7fc246d162464dcb6e7cd713d69e4d356ff701295d0e706756309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
656fbfb7583a07fc9c922b70474b0f19

SHA1
34e9d3a9adfb33158f7bf1017d700fff500576e9

SHA256
168c11053f4973f64e8616c3edae2cad246c997867af7a88795aa9a4b6d3bba3

SHA512
34347b3820049dfc0f31cdfe57e17920274498b286b7dabdbdf06048a6d7b22ef27d83b79f8d82df45b8afcb8fdcfae5aab23f81e041e747daeeb1ddd02b9b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
674231a1607337c1055846a3a14c2c03

SHA1
ae5ef75d4d6a526a233d6c018cfedd984708837f

SHA256
74492f1b3d8105cefbd2753d06e464836c7a275d449f82917e393bdc5cd9e5c4

SHA512
b0d0f125a97ca899d353e8624941f646f23c5d71528b5228f3cb2f9aa1d50a954af4af8ff54e314fccb84fec2258aa43a15db98b23886fd32e30c3a6f9551299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
eddfac6cdd28349fd108806a8af00c7a

SHA1
980ad74885f3434ab3c44a33a4671bb7275de825

SHA256
042f3af3de3913959ae0bec008c2e93b542ccc37a93d74ad681546423c145547

SHA512
d776a0c8edd1c01b1ef54f5d12598499e4c8287e12aae73ba62e6f723d598c76b28ff0dfe90b5c75dce31f622e9d33ef9295b04766d15055c8bc636643de6c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fb364b8fd1fca677f60962bc8798a55e

SHA1
4175364529f20ec45401dc3274187549434affaa

SHA256
30ced6c17a6bb17c703208c7672f1ab29bf936a06e0d2ced295e1f79f25d1886

SHA512
4606818c0f8751b281ea619f4f0160830194ee138ebd468df0913faad0d30b49073ba14314a71ff87164ef765de259a89c42c165231f1e82c58054a622ad2324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
2475c3c146301525b6a52cb149ea55b7

SHA1
7e8f7eed4b2117ae3f50603085c7065cfb4cec8d

SHA256
12861fb0cacfc37b7c10a575366d33dac141b12533f15866c6cdef847d246f6e

SHA512
170770a00bdb0ecb792d203b1cb4b09c8895e152ca02d1c7611700b32686973c3f4401940d86d3807dc68a488f9a76c1a0ba7fd4b9b23405bc374857f8b35b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a043ba0f4fbe8edd778bdadfbf76c58e

SHA1
1a7cc34aa3f7d49eabd0ab1de36f6deeb5cb1b49

SHA256
730f009e434aa6463801bf04f3bca1f5bba5b35af329de8ee042287027fab91f

SHA512
68a2bf00e386eb67b06ddfe06d8a7a4a9ac56609ad7b581b4c996a21106678f8d9914b831c12a753caf6caa6004a35b8265d1ba8d29cbaa21fff2c1dcac223ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
d1d03ca5709c20f208d17ab452b918a5

SHA1
507682fa90bf76efefc09dec87fb8e2057b31d7f

SHA256
ba6d03cb8ef426d67f36a477ff7fe9a2f46dfb4c33ee2d2eded739f655cd4d8c

SHA512
01db1a60557357f7fe51d3d018d4aa943b77cdc312055afb10b89f4b3de4619bc0ca99da6f1732d1083655efba93a40ec66ebfd545d0bbcfe8195130984fc335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
9fcff042cc6944a5bac2f8b9ac4fa7b9

SHA1
5afaf18bd0f68aad110f48ee757a95789be69697

SHA256
8f1606178580c1576143881a26c9c7be7adcc83a3002bc09324d1a40a7bb9cf4

SHA512
4f88719a4c68525e6ec26fb422c851bb733614e1895ec73e8521e354ef5baec83017f9cccf49a39d655d663cb4bd293ef81c2d1432cc015c7105ac3cff08fdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
a85d0409ccdd0f16118a71c5615c791a

SHA1
6491bd7de8148613603149385f525a31c3d306f1

SHA256
809833b6e083415c944b730e798f5aad93c02eb0a54299d57f06c76fd4f953e2

SHA512
01d40d1dc11bd321c4123d1cc35b9fb00521b6700c8afa06c8e053f92afe48be89a1f8c46219183cc1d4a6047e6c0b13c540099b40d073702ebfcde854a4895d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
d6f04341ce0c0950c8abab2cce6e9767

SHA1
b244a580305ab3aa8e1e4fc5387605958d723b4f

SHA256
df9894bf39f7b692e2c842e9526f20a8fba32abb74027cec6e85584859b92b2e

SHA512
c7cdf3dd5dd8b99b336bd758cda9d451286a8f2c21ff1e3369e9ee464a3df295bdf1cef60cd74d0a81d646054a814f679013dedb246668e50282f40ef1245ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
40c7198baa32d513aa17f5abc049c7ec

SHA1
925e484e3d489a2b720548e860cc371400f366ed

SHA256
b6e4cdbe12c28fe10b6be24870fd7ee81a2bae43c41c75dc6fc50975a23ca6cb

SHA512
8d04fb158591cbd0f88ab3f7f81b87a85525480eeb1a117a480d4988bcb53655b2d07c76d4a4d9855a598b1858526554d220bbe71253c51bf3a752935f4c84a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe576283.TMP
Filesize
101KB

MD5
8a1065c3247fc4e4742ba1e93b37626a

SHA1
f503ea433ed4a75a81a7ea19b8ef0bc2b79cc4c8

SHA256
38975479e919b12f30749bdc956c8dc495850bb02b0b5fee22acf5739331b3c2

SHA512
f37585345d0494e6c71fe1c2261180fe00a2ed1dc94ba2fecfd8ef1507c54b8777de6faf55745ff5b8ca38c0df36c379846babcc5785713c3de2a115459ddb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cf4758fb-ecbb-4ca8-9f6b-36fbbdecfb19.tmp
Filesize
144KB

MD5
f2e86590b265ec1f449f674285bc6419

SHA1
95c9c90d462feda65a0d5a868482bdb8c5af3353

SHA256
292be9e80b817bfab240e6226a608ea9543470fff555adfffa536047a4cf18b7

SHA512
013dacd7228dc2757d19ccca8d5dcf008c63c92bf3295b8b261562a75bd39bbd0c0c5245a04e8a85a7ae1d6b317a41874a8954b278fc313652f6000401e8cec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1580_ZVZWNCMKDXJLBAMH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit