hxxp://www[.]ironplanet[.]com/jsp/mailing/mail-landing[.]jsp?userMailing=536238898&action=url&name=IP-MPE-Button-072523&url=hxxp://GHGGL-Westmonroe[.]destinbeachvacationhomerentals[.]com/cburma@westmonroe[.]com

Analysis

max time kernel
600s
max time network
595s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ironplanet.com/jsp/mailing/mail-landing.jsp?userMailing=536238898&action=url&name=IP-MPE-Button-072523&url=http://GHGGL-Westmonroe.destinbeachvacationhomerentals.com/[email protected]

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379325053671647"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3040	chrome.exe
3040	chrome.exe
1952	chrome.exe
1952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 1820	3040	chrome.exe	82
PID 3040 wrote to memory of 1820	3040	chrome.exe	82
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 4340	3040	chrome.exe	85
PID 3040 wrote to memory of 3256	3040	chrome.exe	84
PID 3040 wrote to memory of 3256	3040	chrome.exe	84
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88
PID 3040 wrote to memory of 3272	3040	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.ironplanet.com/jsp/mailing/mail-landing.jsp?userMailing=536238898&action=url&name=IP-MPE-Button-072523&url=http://GHGGL-Westmonroe.destinbeachvacationhomerentals.com/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa40559758,0x7ffa40559768,0x7ffa40559778
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2796 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4656 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3860 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5236 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5068 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4600 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3136 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5068 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4648 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2856 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4628 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5204 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2872 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 --field-trial-handle=1888,i,3554259545576226351,3908333972198625146,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e7b80368aa01ce4dc9b17fe49dd6dd0d

SHA1
9481df5b2180cc2b182f8a7c674176c2172889cd

SHA256
97e1d3db7594d9b16dea803ac274887b7f975fbefd1a62a62fcd7f6fe26914b3

SHA512
f9e45d8d6f8786a142b8e5b5ee5cd912d7a497abe73cbb2d3153594e382dbec28e66511a1f495b3e8e16f9962be14db63e9a459bff0b40697d433523796ff1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6f93c07a170cf3978e7d83c2a3ba9c64

SHA1
613f7f1562e25a5409bf4d9b615c69d8e5638582

SHA256
8def1e14b04593e218d9d5944782c23612c3130edb6d46bc12e4fabc9e56acb3

SHA512
43932bc0ead7a9f93d3829d7fe64008f409955128dc07e8208901704af15dd586f6c5acdd197966e29dbee463a7689dbb487d75f912c1914ab689e01c1990033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
07474db8b9b533e26bbc6fdc5c0b444d

SHA1
d325e9d39e2df472f7be44fd44c1d69fe4549c57

SHA256
3cfb55d52125ef0d4f0cfc1b2451de017ba4a6e5e09069df16e4e341044f2897

SHA512
de3291a16291266f61b0f863af7452e13ae3514da38433b4b1b5061f5a18b49ea94ff478724096d986b98bc511327167e0f7a2aa415e871622b3044f95bd7930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
518372d9c2bd3b265b9ecdb4558e82f9

SHA1
7fec37804a6ed16823789409ce1c1491ae7afb60

SHA256
48540324fbe73a3ea4ca4ef279925581e8423103695a42f009e735d5e58c4430

SHA512
58c8b2eac9af776710a148df47d929686cb23ca2f0e50e66f9e9ed449e4c77a2669fba368a8ce2fb2b8e3400de33ab15342f3707e70eb804d965283af82f62aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bb53b69476c02bf83fe60039c413746f

SHA1
be2d9567130d59c34cef83c4afd307926cac92dc

SHA256
069a93d8ceff467a21ffb9c015f944c406544b888d9dc180285a183ebfeb90ab

SHA512
814ab58f67c31330ac8700b51a7c6d3995ed6e04938d324a090574cce0403d462968303e8ae6ecf6eae91b49f5a2ae1ac49b59fac65cf45e8bcd3991bfbc41fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
91643dcf08b83ba20dc07d08fff72249

SHA1
7be2b251c19b71ba0cd39f8697164babb4e47823

SHA256
156816b1784c32aec648ef48979a9e4622b0ab1be29f52454d9bfdf4648ed1c1

SHA512
05dabca474d956ba1254cb19c84a5656116b1d98f4ff705488064d47d4b52c223ee8eeca59fa181ac98c13bba35895c8af057ccc625f8128e96349adaa575b89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
34ad1c0270c748f5d6e9e4e003b7d202

SHA1
bbfa04cc6fc83c272e3fcff567bfd83af6febc2e

SHA256
697ed2fe939efbc667d32f7d47f592e207aad6652e562826f0bee53dbbabdd03

SHA512
6c13d712126962c470fc6742411c7d3f2fa661a9f5ab6d074cdb221971205c8d6d40a7b13bf1caca68d2d6af8ede86461aaa557eb354a8e43d4570bb23cac4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
edfd8c92b4f6781935d87d4d1e3c1e6d

SHA1
82466874f182ca38347e4f9b9337a47c336094f4

SHA256
3d3cb5cafa2ae4f5884801e24452cea9ada9f67ba839b2e31bdc9b6a90f06a85

SHA512
f9f1a02c7be8a16e98a52dddcf8a2bdce76504a2ac0c22f2378524f0af517ebf9008864cd28e708b4d4b9ed4c456aee0104be93c41f9ce7108722981df244ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
02ff150ac95127e2a110cf1df7ee33f0

SHA1
da60779839c000eeb0559b57cb7de3deaf62d169

SHA256
fcd14bb51825c72a33c03c464be0c3de6b9c00bc2987caf8d1e61e6605305ff3

SHA512
dd821a8f8e6da0c168ba3d2060408e94db093fb677b272823439e80d26b3a336eb55756d5d1caeb425e1efc696672e479ff68d2d8870b74515b1e83554204f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
423b1327e12ddd2c609bc94de0950250

SHA1
e9c4d5402d204e72d62a8528a337bf4ab9986581

SHA256
922fab26c8ed286a1f1733e7b4e6a2830b82c28f4ff190412f1df734e75e0655

SHA512
3bb635ba5436f9981ff830d3348e431c0591759c87f3e905138f3e3a621d2f209291b6bf347bf6e0126ea481fff953334b8abdd945be84dd8a1a9c7df2fc56dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d59c597ba9788e901e66fa2a28de30e

SHA1
c0be6cf8f0be365f400672ba9cfb92fb09e75d24

SHA256
cfc104c9486a993b8ac1783dc78f10381fa4f4009939365f028ffe52432e23e5

SHA512
ef06e911cd0223fa5dde708931eb0bc14971edef279dff01e1034cec28a4f62f99948999f52cef9477c52377fc74ce8d4c19cea8bbcc1e1b997a157791416453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
be3326ebfda3d6ad5dc5e43c25416390

SHA1
97f3f11f76d564bdbce60d88293ab4dccd8777bf

SHA256
44c5944c33fb71defa0497462d30c8f5d4e1dc7842116ad9b6e69230eeb09c6e

SHA512
9be24fd366fc9dbcf7a3375281e529ec38abc5072eb1b74ddc363ca9601c2bf5bad2bb88fb1b26158f3623d0c8e171c2a063b29df6212e49ff1d8f9742adac59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c89a.TMP

Filesize
48B

MD5
bba4dc8791b1190fc3fef6be74ef2503

SHA1
81f4ddedbacfc9e2eedb95b02344c660593b4ce3

SHA256
dd4d0b5142b2d2ec3ea9fb9ebbca024c1b5e18b7bf8fe9bba3c088b0812dd437

SHA512
5b1a3a284061fc8649b5c9395afea2b7180aa31b01f2c39f557666265f69060848e4baf42812fab84808596d4f0ff8044da692e292ca0fec1cae3bdddd01d378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
09369a308ab9b3a2725e656a4e391da7

SHA1
05384956bdb7ae3b14fe31dea552ddfcd2b501ce

SHA256
e864bef78e5f51552d2006d86c48f073eff38397523bb4ae04af4adf87d0e27c

SHA512
26376f101a1a3824aacacef536a62a015d1ed1546b146cb995fbcc065531dd2d059baa63cf216a57bb045212d6966e82764e57eec43584b29e646d6e0608bc71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
06feb5d8837e851c52152cf1f95f721f

SHA1
a7a38a0ae6e2b28a9dbbd02f9be0970ab16897b3

SHA256
94f93f322b78e24c3e67c65e63fb9f54058694ab4f40bf552d8dded74636b2a0

SHA512
51c381eccd1430133ca0408b7ad8f3e442e9d299f61aef9c89b492792d9cc169755c6e867c739331f0a7e1f22ca52f7a6ed190693876d5591b46f933bfa3b6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit