hxxps://atpscan[.]global[.]hornetsecurity[.]com/index[.]php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atpscan.global.hornetsecurity.com/index.php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627996181775643"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3328 chrome.exe
3328 chrome.exe
3236 chrome.exe
3236 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3328 chrome.exe
3328 chrome.exe
3328 chrome.exe
3328 chrome.exe
3328 chrome.exe
3328 chrome.exe
3328 chrome.exe
3328 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3328 wrote to memory of 3540	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 3540	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2592	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 3544	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 3544	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe
PID 3328 wrote to memory of 2472	3328	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://atpscan.global.hornetsecurity.com/index.php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xd8,0xdc,0x7ffb41c4ab58,0x7ffb41c4ab68,0x7ffb41c4ab78
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:2
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:8
2⤵
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:8
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3356 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4288 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3360 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:8
2⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:8
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4424 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1960,i,14532677127124333386,16454308787579320941,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3236

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5044

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8aca1251c74adede5641b7be82d61f64

SHA1
6be310c8c4c88b4ea0d4821e4cf0f990ca941e79

SHA256
dbb05949a768d110343cc208b3702093db6da0423d9a56f59eff27e9796dd776

SHA512
bce4d2926d60a67ef31cd236a423565a18c63817a09ae15d93587907b0355feb3ac5ffc02965a55bb003e5189775f0834bc9d94e0e71558852283e94e89bd0b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
4b0cd97d00363d6cb561a363f69b84df

SHA1
df717ec46da6d668ff4811fa48b1cf958c8f7052

SHA256
0869703a9287e0a32f150c995c6c586816a09c0b701f3858bcb6f8f74030d5f1

SHA512
ce8a151502cf3aa5cc67a1a2c028ba52b83afa1a649942c12d96ebb8bccc20aa21d65794f75c9e3477700cecb33e37e582b1f78267f4bb5bc8f14175740c2857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6c5bd73f1d2d850663332150e1e3774b

SHA1
0db19ac604560fc313fb1cd765ca30adc8012cce

SHA256
90917fab55a159b83cf1510ad2ff53e59f9a8220e05575148b38eb68dbe2e1b0

SHA512
05cb3e1fd775c415ed510816671e44e1d21e723a8b52874545b0606b2106a8d1347fd3ec1153e1c63bcd50aa96ca73eb565cfa2a4a07f0f64876817b9872cfec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
5a16af01010e622b3d7c1cb67c3828d8

SHA1
38294905f56435478688aefe01609d0c5fc685ef

SHA256
2de521d51ce522b2526ce348d8db718b3a1b4e63cec3b299f68a9794ccbb10ad

SHA512
d6c2315f69f5cc70c95ca46dc4694a8ad225a6d2fc9175d78e1f2221252e3a6fe7aababfca1e7ff2d4c522e9797c36c60cb53883be83819860e6aa30a2c5a717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
262dec9d77c5d98d03783d9f4289404b

SHA1
bb9cdff30dac2e447b47bb842253e17165622ddb

SHA256
26bd4a05263e6f646600094733fdbae4677353654ea89ce5020d75e6c4c56efc

SHA512
d9673fbee3b2ed26106ba82adf71ffa66299c511918b04844635df15b8944789bee0c42616e72db4f1a0caef5fdcf7355cdfd0138783786f96f1c380c2603103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6550a95081ec22b9ee3b421c1af68b3a

SHA1
2794abf93a4f5fcb32b44da2612184c57502dfce

SHA256
2a090e02100ddb1fdb3b98c83a1d1cd4d964a95b06615f20f9978facd7e11928

SHA512
38d24bf99c5cf70fbf32a331060c431c17ce580c84e3bd77a427f9088a1206554654f97716d8516fb39b3364e9b58eae6a84554e980f1a6e1ef618ca86256ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fbbb82d9592c636fc7846fedfaf3297e

SHA1
0b49352ca61faa9372f12717fb7dd2e7f8a8652b

SHA256
f90ed24a437afba939802777ed58a29ce2a781ee3fb93f5000c7ebcfb74e721c

SHA512
e802d2dc25a20433b55f8f737c277eb48690f479421a4e3e3ef2a3e0e20ca8beea3b12d6ad5734d5e8ec0d7f790bf810d2a713d675c03a86d2871074d76d5440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\c2f3d6fb-f12b-4220-a746-7998980cd6a2\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\ce8349fb-6519-493f-936f-aabe7aea4432\index-dir\the-real-index
Filesize
2KB

MD5
57bfe49a7fadfdc94869b905e7ea80a9

SHA1
6465e0650a47c03d9109a324b7cca445154b31a7

SHA256
f6ccd2ce9c1fefabdc9a8d45e4bf2d6195a4b26af5c23d8cba8cfd2559e75167

SHA512
87eeb28622373986dce22b16e835fbadf47411ee9d7397cad578ccf4ba17df449dcdf9746e11ca8051e5ba7d932a9f17c87ca77a3b47b79dc2cff7ae03ad19a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\ce8349fb-6519-493f-936f-aabe7aea4432\index-dir\the-real-index~RFe57f2dc.TMP
Filesize
48B

MD5
baed088e4ca4684afe8682b6926e98c0

SHA1
6d7cfbd3bf0a2f0070d2c1352f6e50b8bea90a54

SHA256
79d238be80b7c750fc7cfc0d40e15090f0afc24a21e342ff3e2808ad1c8547f3

SHA512
1dbebe7ac662dac3d3508b372f385e8e3a00916a268c459696335143c6ab2bbe2aaa395a189c1c42989ab2711002eecfdadf45eef194c04f6cd9ca533f5f9f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\d2ebca7a-ce38-4e86-a90c-1ccec7ab81f9\index-dir\the-real-index
Filesize
120B

MD5
16b866cc94d8a7b0692f7aca1147649a

SHA1
8026f81fd08ab4e23098efa214b2148433e7d877

SHA256
b8697f961434fd1a8ac20b814fdff43f89b033e2d60c8da8f0c568a23679c816

SHA512
cf38a0f9f251adfba8a07b526329c6791fee93ab8ef3efab8c281e696bcb2bbbb99781099fe245832535f056e1d1c09daee34dd20b98547fd90f0834f6bed7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\d2ebca7a-ce38-4e86-a90c-1ccec7ab81f9\index-dir\the-real-index~RFe57b16e.TMP
Filesize
48B

MD5
eaa6beff1410e748a580e330fb1709c6

SHA1
ace717b12a5941f37fb6c2c99a32efeafbe392da

SHA256
ab7203a83ff5250e983987bb9b065c6fe65423731ab49b744b60ee859756db45

SHA512
af1cc19cdb3835a8ba001315e60b4862848781f33f754bb7603562bfb4be0491d4e6557725f4c0bc57794cb4560fb5537d14da8c7b8e6ab47fa618b849381ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
266B

MD5
12da13d2b09859b7b0d6b694bf46ea53

SHA1
5779c527aaec10ec4d3bcd9d7f53db6ded07eb76

SHA256
e15dbb6d24271fc910cfa4954384a5de8d4fabf15925491ca16c58953ca968b7

SHA512
9f714b17b1916155d901cf2a1c47bd5e71b89d846392b7625bd16e3ed890f2315111a309443faae8ef84c9f9f8120f232347fe45d93b1c34d5d68ebdbdb3c8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
380B

MD5
28fe840baee3da69b1c5e922a97a3503

SHA1
7f37ca280809061595613ab6f8e42e76ba470c44

SHA256
21c07280bbaa85a0ac93dbc32f1db8449a1eaade2db384a9f4cd43c3a21d8b9e

SHA512
556323c1b42fedb284fbee4adc3ebb4dfbb73c4d5df977f6c1541de375567660309502dde872744f4f4d448377e44a83db7d2f35e1602db640766eabedff2c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
495B

MD5
d19b809e9f862c6a97db63487473754e

SHA1
d45e8192897a342d970374752dad51395f5f01a1

SHA256
62616d06d5342e7f384a6086dc494326a43609058714713e1ceb4edbd903c98a

SHA512
55dd8d122f23d834b0db361604a52528a615f12a69306c0be8a8d6e4cb17c0d601490db4c57cb5d6046c652d3c1b9a5ffd1fc84d976ce6026b1d420bc1134380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
612B

MD5
598bf37fdad767be86d862baeba3637d

SHA1
95d84db6dba97afca81b4fc39f0bde3c9ad3eb12

SHA256
c4c8db69ff1ce1015189028631d607ea2c2f6d3b0b4feebd35768caa963ef0d7

SHA512
dafe83d49214a7da9e66ece79e98763998ab615de4709b57a71131da9b8329cdc3036bfce1db7031d1aa626ceaa942a2a86b0094edda1be98b6b25fe63f9c712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
608B

MD5
2e6ff33ca56e7a15d0bc98d48481794c

SHA1
aca3ee31139c871b9a9577495f7c2681f5a552e1

SHA256
f9493272f45905fd221f81e95e89f9c2b01685fa566e33527d1d81adc3d130e7

SHA512
d6b7a7b13fc7ccedc07152596fae65451603b2a44cf9a26cee5ea6d2686e7424e13ef0ff6e528391a93b2348ee57771e68e641b4306f9a55cd3f56eb8dc7111c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt~RFe574f97.TMP
Filesize
152B

MD5
42fa14f496155f7f5fd2ca2f7fd97e2b

SHA1
691fa0f2dffb832352bb0851b1e9d7137ff2057d

SHA256
52eab79c404e39a1995724930e67cf7df496bce4e472235451eb4dca8c89cd54

SHA512
28e25cb1c139d51b82fd8b041053a27786a05935abcc0a378ba1ae996d5791e07827b994f6674e59e5f516c44bfa5674cea33ed8389d2da26ec72ffb3ef07835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
f3abc6a561f06163be5c5340eaa3badc

SHA1
c2a07907a8a31b70cbd03204c58cf9acff579b6d

SHA256
9c0e91d1fb1aaeb827d5eb771c203d7769417f63e2b8eb3b3a8024b09a91fe7f

SHA512
8de6558567ddcd839fe968eebde38b8599e1d983045a7f36096143f66e8dd3c3490a539d363eb229e71476a01342b4a4ff0678024ef5126961d12a25174ea242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
4affc37ecd166054c5b53c75ae3c5c63

SHA1
4989d3c9bf8800b0877cafda8abfdc950b8a6031

SHA256
3e767e53fe3fca0e2ffe5af50b53afe8822ec36f7f390f8de9aaa70f1480f171

SHA512
0354af95db5162eaeec467b5be13637fe14dd9865f42d238736162a0dd5f9ff0166c6e893290555660558596b3369ea7f9f47c1bcbcabad681793966206877ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
5a9717ca63b16509d69c01ce6ea0ede1

SHA1
87feffce836acee392d18040072517d68f6da5f7

SHA256
05bebe78c7e03741b43a788887e505386609907be7f0dfd0924ad7f06e58098d

SHA512
fc33cefb0f6c9fa5baa034350f346cf36870386ebfcff77027c225e51eefb80553adafd8cf561745441715b4a1d18a91ffed56daa6c5145b16908ac1c5b8bd8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b0a3.TMP
Filesize
91KB

MD5
e18b6f9664d692b0b03dd8b8d9165148

SHA1
4dbecf1519c32b87219858d09495212deb83e176

SHA256
8f9d080827e523a579c9ded16541dd16b87526236baa6375c32169953ea2e289

SHA512
d5e9cb6f51b9aed4e9269dcb1e25e617f139fc0327f1a8851eda54e30c8d3fe5dba76b79c9e78abe390845df8a7cf3f9f9ea2be2d11603bfa53e4a716a0d5b1a

Download Submit
\??\pipe\crashpad_3328_SUWOXBQSHLOYLBUH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit