hxxps://www[.]verizon[.]com/econtact/ecrm/includes/html/vzfwdNew[.]html?app_nm=MSGCTR&env=PROD&destination=http%3A%2F%2Fjbroughton[.]flarefmstereo[.]co[.]za/jbroughton/jbroughton@sares-regis[.]com/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
23-03-2023 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.verizon.com/econtact/ecrm/includes/html/vzfwdNew.html?app_nm=MSGCTR&env=PROD&destination=http%3A%2F%2Fjbroughton.flarefmstereo.co.za/jbroughton/[email protected]/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240426228970061"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2292 chrome.exe
2292 chrome.exe
4444 chrome.exe
4444 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2292 wrote to memory of 3684	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3684	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1884	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1788	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 1788	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe
PID 2292 wrote to memory of 3964	2292	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.verizon.com/econtact/ecrm/includes/html/vzfwdNew.html?app_nm=MSGCTR&env=PROD&destination=http%3A%2F%2Fjbroughton.flarefmstereo.co.za/jbroughton/[email protected]/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9a7549758,0x7ff9a7549768,0x7ff9a7549778
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5664 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5724 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3352 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4976 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5592 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2520 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=828 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3296 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5192 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5256 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4592 --field-trial-handle=1772,i,9115946193026527470,15445973285191077865,131072 /prefetch:1
  2⤵
  PID:1888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
fc919f1eba722ff57866ec60c2b74dea

SHA1
42ac1802d37eb4e809d398c3f024a5010bbc36b8

SHA256
29fe6e5ac17d19b5b7298f3cf4c1059f8b3b22a9f3a64d1e2d3abfc56509d8cc

SHA512
94492b5a816a6b2a7215fca831aa0d4840b0859722dbe1c13dbd82659ab7ce3123672238489b03e21e8ae373b1a399d761e8f3b8f93bec38e0eb3ade02713b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
69c2ab9487025d94fb1f6ee0d315433c

SHA1
54efacd47509542249a8cd7d395163c171d7f351

SHA256
8c98c3c9bca34992f602b45f56b05ecaccf21c854b8c44b3dd2bc31d17fd511d

SHA512
ecff440d0e929579e99dbbf346c499b1cec219030302e2c33e8ee4dab7001a8db549bfff08274271c8d1fead72fbcbf805f792f4e31308719fc3aa687ee026e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e18315100f8780e44922ad789aa9c72d

SHA1
efa879e0deada7db513d9c66f86d9da010dfd89b

SHA256
c94f55dfdf23fef99359eb0b1cd449ac1a520b7af8038e4acb23923d525df06f

SHA512
fe22593b4cdafee225a5ef471647d9d2fe0a8f288e4e081a7d9a9623464e909b585965d31aa1c84db2ddc10ed8ed238f3066f2f22230b6ff3cb83dc6f5ceb6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6d144bd63d39e84d902958ea2d139600

SHA1
603b8f371927614fd3b5a4e7a7f2390c52b88e96

SHA256
6392153e74da98c9748b6ff9dacae59ddd52674f97a37727cb98fff5e9041584

SHA512
a52910464b118cb9fd637508f39cc07167dcd0f7fb62d6c7de333e62bfeb6dffc79983cf37c0c004a8c20e07be1d3b9241c684d2323ee193bbbf7c25ac82b0ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2667db6e25e070ecbfb1e5965ac47d14

SHA1
a2a406bce5b0b3f7069d950f21b715ef9ce44848

SHA256
feee44819b52f5fca6ee86a2c5eeb5dffc908918f18b61ba4b68fa1f70851e56

SHA512
727d306d6a43aaeef79b4392a1c95f150f305f92d391b7374ea41efba91b8ff3b8bb77a4fea8d891cf8de02c5df7cd3d097a775c5bb08b0e75b26528248b02dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a600a625b757f1f0f55e0385dd02ebbd

SHA1
e0f5b16b16cc1157af775c7f295c17f050f5eb6c

SHA256
ed49b1b1c69fac1742620b4ebc84763be23a97db14ae729d10b6cfe03ad6ca01

SHA512
950c9d8a6a83d66e36b6d50d0cb0c65e311ed6b2642f39b0dede6cfb686564a123d18a09164ba496139852618942f91c970c2210ecbd8a766368689d0392f5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
1937eafce17359b38fb3d94d04b8434c

SHA1
eb38578585bbd6df0c1c3b87205bed076d85a4eb

SHA256
450158e6be0a684cb693a84ac005460f995598c30d16c54411cf58cba718c495

SHA512
4da837e82255ce7c482418f1614eb861261089803914177a64f0b0910a3e07cc167b0b65c26e62aa207c1c0d43698cbbe0a50dbee9c2c7bda86f800d35e35f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2086057476debdd12e119888968675f2

SHA1
dc0103071e3d1bb8abf33a70defab32befab17d0

SHA256
7dfc208d2f08c8e8250278e34d865ca24f4864536647d34611186c6d8b3ba788

SHA512
3634429098173a3660ff4ade1bed5d7fed6c3ef7902919ecdaaddf50c9aa5d109839d930095314f375ea3a1721014739fc00a65cb8cc601fb7bc95a6cff30f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
67946902dac344d2542dd7ae81e644c9

SHA1
a75ea19934ee02068ccd573611b5fb3314acb73c

SHA256
4d726252c8ee423fc8db9a1bb9b5db3e4356894d66132ca02f1b681596e0def6

SHA512
c04a4d783b86274fe005d1b0e76b80abce07e8d7ba41b2af652db565f442df1ea60c289f8563b59741de17889c803f8edc9611cfb118dbd15247ed49f772bb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd92e1f5b3101d0d21e869473233f47d

SHA1
f5184c7e508cde2e69a4e58cb482ef52712f4124

SHA256
036d3319fc4686cbdacd6e12a4ba7bfae3afa4239fe147f55ed9bcf057289cec

SHA512
865f5de85f31c0ce51f77c48f5bbc17e58f477ba0f62b3f2523bb7b8b0fb41365808cd2a83bd3ed6b92bdf291820c929cfb574d90bcb5d8ce5d981e3928a3bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f510036b0f04d7db859e994af269525f

SHA1
64ac92c3d5e5b12f61d31eae882136fe6e0e39a9

SHA256
6402a3c1b049a59cce12e178b5058a11380aa6372ef751aa40d2cac927ad8864

SHA512
adf04f08a06926dab0a1a7db1bcd89ee120e15aa58e9c6f9e3aba3bb0d1bcc6147f429414036a16aaa94d91094df14ae464d1ddf9c72c7574bdd1d03505f5c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7b2258158a69fd9fabae79886a17251a

SHA1
956e2a637f1066fda6bdd0dcda0f9a3170c719d4

SHA256
e4d40dc892a3419937979a9dd9b75fb1f26a53570fdf207f2f160d8642ff8ad9

SHA512
471e5fffaecdffe1e34471d7c585be9e1a1b8d8235eaecfb6cc59865c8ad96794fc633d217d94776e44cb401d68e7ea914654aa943722696ce44fd72e7898a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
25f295a31f021cfc5021f7772576ef9c

SHA1
f5751555aad755d2025daeefa821846fae46aad8

SHA256
ce5f237720f0ec29c758e84edd9f36c50d89f4f45b60739735cfa38efd478562

SHA512
6f601a412c96e62aba53a5bc5f690a78abf4aab42668eba7afceabe2c245c5b2a6b69a486cde6a46b721dc4002e7dc2e5c97667b25e1194e89f26b7c5bc42565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
284e7958de70be3dec43ef8ae1f470e7

SHA1
f03387708c9a5f2846db7971b4f1fe7940f349bb

SHA256
479ac50920df3a80fe18fc9eb92e67622eb73e803d9865cdc9656074d2c1d3e5

SHA512
d51950402a9ac631ac9677624f65bd631d6cfea6feaff26af29a8e0d3fce82f21c65c87154d868970b9994f610332fea360047b2365706c98096639465c62bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
014430d91404633207e8c7bcdbe0f99f

SHA1
b56aa0795ab5db6d0a67a5850eee52bd3085b7af

SHA256
82cc8dbf4461688caee0699bececa1a63c4cd8a7626047eee1409b42458e36fc

SHA512
be2c5879bee24d0df51d6eaf3068162d1bfd166071d766735c9f7698ae994290e87dac15248df0c867344c1eb50751bda648a965f4e4fecbd0977c291f3980b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
55c1b36846d7fcb7dfd525db813509c3

SHA1
d7968117f6538505fa2426d93ac2268d16a53599

SHA256
67fdb8b5c1db6994012ca4983cba826a02feb5f0bb5c34a33512dbadd65675ed

SHA512
2c6c3372e3f5d6b5484320b567bded7823b697feb2246bde3cd4c0e87473a305fcb48ae57c8531a47c746bd1f43458e6c55f9b2e71c850f9ac14c695bd47d7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
61ba7177b133425375764d751c136382

SHA1
7171d15136321d121ad0cd728bfcaf21cc254529

SHA256
4715f7632444f7a2d41d1e4417bb2f41817b46c8f0538d210d483caf5521fbbd

SHA512
23867782a2d155795618e199c47dcc60c9c6b0670f76fc57a4a66ff5033b7659c5a335d0d2f92afc3702148cf23b3531e985fbc17bb2fe0242d5c07239ba3139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48d9f9c43346f40f986ab162db07753c

SHA1
c69b96f8854afb455098558a7381e9d2c36c2762

SHA256
9c1e9c10fe88f5d0bde1533c7c4c349f654fb254384d248d536bbaa9f241ce42

SHA512
ea636241b26005ecf8a3ff99afd69ddc39a0f471dc04d26b3a444db0a09cd9c9a8d687511a58085de30e5d750dc72dc3bb99fa130842028976e9043e3eefeb98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
28a4fac79f2055de212c68adce61c24f

SHA1
c5313c932a8e9c421799cb7c63926c64e6448edf

SHA256
67a311550a567d4b878f6be5861fd9a83477322e2dde7eb206f5c7d6a44fa07e

SHA512
38b51db7ded74a7528265c8c04f1a59adfe5e97051d7dae937cd61fd936d790f41ab9df1608b94c5d35cf4305aafc17f7cf9ad179ef770867769f1d60709cab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab7cc90ec3216ad1d12f1de289668f52

SHA1
e01f78f9ea70bbc0c68d6b0bf2accb86c5ec8651

SHA256
b067a71926bf681ef86b5a1a95629037c4e17c958dda4f88b634ac516bcc4c96

SHA512
ac524d6caf21d2b91c0893d8ca17e5c0d720bbff0144f2fa7d23069ebed524e2d1d90ba35f30c0cb079d9d30c4d8bc4399e55606731d26dab999fb1047f8c358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6747293550928ba4e82dbd0fac78e4af

SHA1
3c1c57b286e731364704213d1e51cd694f3048a8

SHA256
ca1c1eae976f5e960c0eb617f9b7c32fba7f8ffcf28d2699e0bd24823b128afc

SHA512
68fe00737e1c0816df06a8515e17cd2a641f182696e54fb903f459cd6dafa2f76aba552c4beca5a0f1cc3aa28810d3f5bd797586423a0cba4864d618400f4603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7ce0b3c15b4ed36deda6a6ae6bc757e

SHA1
0cecbe5218ecb4d51efc865c0467539747bd9b97

SHA256
aa445559ba1f441c57ba663ad482ba37a3efcc0c1ef1520458fbc932a3166a9b

SHA512
bc80b023aa03d47428066b8877854413bb01f6a099fec851fe9991e141bfb6f6405e80896a89b9975071dcb85e8261dc7383de7af705fdb15360807897036605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
05d6da94c443b2b39befd4f87aad749d

SHA1
2da0316a93719924b2dc3b868920ffe8c86d56c3

SHA256
778bb71e908bd6c855133f459aaaa4c8ee9ae1abebd4d08c25572c2efa2691c8

SHA512
6da6ef4fbe770b4122c781d2c3779322a04f58788154febfd5743ef247150392d16f9885b33ffd1d319d0395b31af3a9897466641111df90608d35870242a655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
3fdd15e3b8a16cb7540ff003b46170cb

SHA1
cb3de9957ae7f93b8302861c09bba4268b4d4470

SHA256
5e7d6bca915566de4460a565308bb5a5d45f28156f13f21df11a621d79afff1b

SHA512
0d7a7c1d11208b9c813241c69f4f0c1648f5f10e082fb3b1b03d1be9a750c62fabe84053626a97f04f616457370e8cf0554c8f2bed871a63765e0ac812afe1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
ff2bcb54e159b05819685305f00770fb

SHA1
120310fbc935b33dca2166f52894ebe5b5683a46

SHA256
20e4e1866df9c9a56cf1191c14f6920052b2482799ed9e4f821782945b680156

SHA512
ae96c2f198d57933b5a58415c28fb634fd43c808c2dfeed678a29cd311b986ef59098cd6f27996a53924382fd01a189c2913494cdc441feb8109d232f76b4398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
2cfcfa14924ebf6e0ca8e7f221387b61

SHA1
7e9e371ac5b218387b9e4e41e5015fefbf90de64

SHA256
e51f86f5384b01cd347bbc7511cda1604cd46a4fbb719873a3647e89b866d613

SHA512
b0b05babfe18be1e2f21789b36eca2b5531c6954353c65f8907aaa0fa0708d04aa1d37660db78136cf2ebee9d589513f88b2c765c3b04e1bcb3aa27e841588f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
06f863b5bee3325af408509e01e2108e

SHA1
e02989032d7f9ee0153f226aefebdaa93a723362

SHA256
96b63d3154947c61c97ddd7f574f82d90fe71fdd33e6ed08fa361974bda59ccb

SHA512
1312eb327e90b8212e3474a6c07937086ce429c683648462025434c94d5ebaa73c07d088b386251506fe5e37e473c56a33390fb098b047d15e0a418ae336a4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ada5.TMP

Filesize
98KB

MD5
467fa24af57f2972872d6fae71cadeb4

SHA1
0705bb4c7d724bc1950933435cea509f67114f54

SHA256
896f286644226b67085379b7e7f6bfae700305cb2d7eb4dc94a95aa391d7bf8e

SHA512
7d794165067b99b1cb0955735424db6c976b7ab123bc005714f3ee1aad6d864d274e89197cb992089f56a5d79a316bd8be8abb91e0bf2eed0bca650b4bfc698d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f4bfc611-f45d-4dd0-b2f1-7e26d747e6c3.tmp

Filesize
145KB

MD5
79832069da0c7f1833c462f4434b0145

SHA1
c6e50d99aafbe00f32184044ee12f34450461ff2

SHA256
95739091d6414711df3a279925a2e4c3a90ceddcc439fd99f917010592ba7634

SHA512
6cf0c3156b274e228065c2576c38a7f086a52b6b9159088a1d9e57e36ea825579733abd7ad36b310efa35fb8d3cf98344f29770bdce3eada7be225150edcb05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2292_IAPJOEZWKKNGPWOD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit