hxxps://go[.]business[.]t-mobile[.]com/e/27512/business/rf3961/1218020646/h/m-sioRA2JWsmNOJ-8rQls_-X9EEkMrtnXzGOl6T57rg

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2023 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.business.t-mobile.com/e/27512/business/rf3961/1218020646/h/m-sioRA2JWsmNOJ-8rQls_-X9EEkMrtnXzGOl6T57rg

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
64	ipinfo.io
68	ipinfo.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133449715378820689"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
3104	chrome.exe
3104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 3240	4000	chrome.exe	87
PID 4000 wrote to memory of 3240	4000	chrome.exe	87
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 1036	4000	chrome.exe	89
PID 4000 wrote to memory of 2148	4000	chrome.exe	90
PID 4000 wrote to memory of 2148	4000	chrome.exe	90
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91
PID 4000 wrote to memory of 3820	4000	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.business.t-mobile.com/e/27512/business/rf3961/1218020646/h/m-sioRA2JWsmNOJ-8rQls_-X9EEkMrtnXzGOl6T57rg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef3409758,0x7ffef3409768,0x7ffef3409778
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3336 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3924 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5276 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5252 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5596 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5116 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5888 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6212 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6128 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5868 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4652 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3284 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6332 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5252 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6220 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4952 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5168 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 --field-trial-handle=1800,i,7455651448465848765,9925728441961338972,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9d20e8dffa5aa2742aa2c049efbe115c

SHA1
aa5e209aa9e8aec933574f100571554987a8b157

SHA256
04b30f64b4a2ca817f59ccf5fc8c6ac70b8331ea67326ba0242872c3d41f1585

SHA512
c41f79469545678a82d64674a1db3c60edb1e2d4b978faf1dc6ac9e2a8d5fe49c8907c6c142be61e0c6ecff5f014d31f2ef26af20e67bf6c4d75e1c626f5d984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.t-mobile.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.t-mobile.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
680fee687bada5faa36dfbe278735f94

SHA1
7a518c54feb2016aed008acc889d4c5fde8e3336

SHA256
bbe3077a2907501c9fbc065830bb670b47cb5126afd840361a9397457e97a126

SHA512
5c1960f45402f35188f4961e95e4a8bd7977c26b9dbcd8b3322a6885058168516a8f1bc1e3ff33ad507cf67ce2566dae724333c26d8a972b58c986d1d4f5bfa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
4fc8851b223146abead313b7a8f6b4f1

SHA1
4a347f03a3347afe4f49cf7769fb076ff62a121f

SHA256
9661850acd728776d9a2ced382aa23d93d5d44280a5cc3c7ffc0fe89aad2c2ff

SHA512
43450f1c4883264711d7f83399665dcf02c8c617bd372ecc3236c99ebacfad2b15749394a5eac2bcb83b0f998446e3bb48379654b505500973f11e2ea483c7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
36ec2bbbee6085c065d33e4e206a67d6

SHA1
514c9e7bd4043eced2907d41ac54816467eb8d96

SHA256
d6fa8771fa5dcae0f54df0fc53f1165a4f4e87e2d8b296974663a986a0db71fe

SHA512
15cb554947a5a39a9e4391ec44bd4f80cb09117d1b9d1697a0bad49116e801f9053f4043536d40cd178c1432ac7b67c136fc83f4e5afdd572e0904662abe9019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0a1ef2e0cfe6ee84a982ecdbfd89f721

SHA1
0326989f885d6125411e7874f59f60e4ffab07fd

SHA256
4fd6f653fe403df5407a2fc72f3ab14e8693432c8624d8515132ca6eb6775b41

SHA512
9404fea7f5c0c1e1906df68fca6cd14fd1ebf89d6db4bfc30e576053e09e34608eeeb7c2b5137d061f735a231cc4b6236d1946bba8a9ea69ee5e1fb07755952c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
6917abcc723ff5446f6d35e63cdf71fd

SHA1
871be98aa1d431728141523cfa6f73ce85a52aae

SHA256
e62046862080623334d33db565db3a0e4ec41ad2e4f625eb5af75e6a1eaa819d

SHA512
721b5fbc8c1085cd691f6730f4f6b4c0a69d62dfdd6525efd23b4cd1ead221b829fe56621a8f91878cc9e63f16bcde9b089f11e994aaf901b903b4aef2fd8d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c48411ed0524b273ec8cd44dab925848

SHA1
47f82e9a0b911360b916e9d304a11fbbcd3fea00

SHA256
ad58fac6fcdfa0a98a9638babbababaffc09ad5ed4446105dbab4533fe9283e4

SHA512
4909decdaebdf0096e3f3150fb4a3e710d841526bc093b1d13959ca99cca6ffc400277dd154a94f9f26e73e45958ea755b5b347ef71f1e4ba2d9b906be9cabef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5434f48fa24d8c272f668063281ebc83

SHA1
580833eaa57a732d379ad2b8d47f9dc5355170cb

SHA256
59f759d5959175459f1f3c31e7367f66bef61b51e605046fa4181e8e8ef4cf54

SHA512
f1473f301d1d9d93418422f289b09da7d09ca21d9c14acba856f7a236c242ff6dc37fb4806b7bd4f697519677b1c2f634dea776fc835440b83521575479c3115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
35afcd07c3560582755a4487336634c4

SHA1
3b9ab2cf7fcf237233c44ecd0c2d096e1ed4ceac

SHA256
8ab45f147308d7daac26b9fc4cb6665700cdcfc5258f1d241d44f334156745db

SHA512
acd419468fddd7ca08bc3af7259b5fcdcb0f6c88886f6bbb398fc99f4cd06714ef6c5cda5cb67a27b77f5813683ef57fb8bd3d8466f5b3b59ad3cd3544b93691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit