hxxps://atpscan[.]global[.]hornetsecurity[.]com/index[.]php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atpscan.global.hornetsecurity.com/index.php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627988358086603"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1408 chrome.exe
1408 chrome.exe
1112 chrome.exe
1112 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1408 wrote to memory of 3628	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3628	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 3996	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2668	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2668	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 1068	1408	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://atpscan.global.hornetsecurity.com/index.php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e8b4ab58,0x7ff8e8b4ab68,0x7ff8e8b4ab78
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:2
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:8
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:8
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3848 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4716 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:3872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4820 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3284 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:3660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:8
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:8
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4240 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:8
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3332 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:1
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=2032,i,4285187156678668145,15752960409105492431,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8fedf2ef03b96b5b8e2ac7d2e4fea84a

SHA1
9cf5aa033ee561eebc1db1dacfa1cb12aa3151a2

SHA256
55abd42e61a011dfb22394db4d5a763c75496936c942bc90797fe71863d84c10

SHA512
17b0e81217f7f397e2e909de6f0aae474ef5888dc84c65bc878984bc5fbe1b0302893afe2f69a3971270893f8ee3ed6245f14a8e3e70e3ca5ed9853197fb88b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9e7809108231f9f1f4f2b16593e88171

SHA1
9f5210a3928c95d6abd926b772f02c75295e4887

SHA256
5b788a9643d02a9bc1993985b0387483e188de44c0c084d78c87865d3130481f

SHA512
bb2bcc3d6bc59a9c0df1a0ece44941357d3d330a4d5f16883f3382c6c748edbbe8c31cdfc9bb48dd0168cc8adfd802d46655cb0e276532b3bbb3b9a6510d479f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
f55c5848c98b0233fa6228f641f1f6fb

SHA1
0ea979bf0d1407519b1a755a410b267ea7921af5

SHA256
2d2143107b0fbb6439b96455e07c432f3903db8aed0a27f1f0134ddab73ca211

SHA512
42da346b785b9f31af5b3d22ff827df0506667719cb041ece470eaa41db8c1df22714cbbad3f5fbf91d375b7349717b21cbddf127e11788f5dcfb4710d2d2fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
8efd97235a093f2f4242482b803838e7

SHA1
48908e331fc0c5fe71ed537c002bd128580be919

SHA256
37b5286ca3adc09b374ce94cbe9c5cbc2452d1400de781fda2be8a346885b627

SHA512
88742465de8eb005955ba5536acaba4907263d65517a589c86ba68e2eb333648474ac4f4ed2b6c358268c15e13610b28624ab00451fa2d42e0ad78dd7461c5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bf0a0eb52489c21d88b2a09759c15d9a

SHA1
8fae9f0d49a0dc8564c4fcaa20e6b1180fa6b315

SHA256
bd482e0a4f87a35cd43ab892da3f2b31b5d92d067a69ba1383dcf0a8454b077a

SHA512
7d4d95e3887a8d84dac4e2fcc427c68923fd9b013c4cf90096dd72dd3e46c48dde53b9af4710512098693a80f21ff150ec46a7e47f8fbd78d23b9ca82b291bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b068e1eb71785b8a468e9d8b83fc4d38

SHA1
3eca9b215057a2018bd435412d23a8a7b6e1e1b7

SHA256
72b1223302815165540113f480b56dfd1580f4a6c94a6d3b32591c3e9ec4f91c

SHA512
ceaf3865788cb47d26d45932449a87871e7f0f58ab163dedba7ee5bcdefe6ea0077445c0cf20b6224dec63909c0bcaca146d4bee78a898b952f3e7049fc153c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4a6e734424986342a487686d7dacbd1b

SHA1
7f33eed61f4650a222a0694be9cc15ee4945604f

SHA256
4c6aedca39610829aa27f2f8b8873e8da41d99ec4f20e505aed85bd7931d195a

SHA512
8f8ba11847e07f91f332c0723ca59f7d41cfe3fb67e1dd3d7f7a9be824ce116322f050051958da7f904758b195ffe14699bffa1d402aa229cd213547d6d35542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
de3f31e21c8ccb2ad8939c0bc955d1c3

SHA1
0e79255d824f21fee501599f9fb920795c51bf6b

SHA256
23d426bae693c8709206a6dbc4fbda1d7366303484e2f8b1273749715c614632

SHA512
f98284b21178a37216d47abbae70508dfcfd820f8b6a26dfb43c060f3ec06afa8818b61bb7508ab43904e5c03c181358f1798dde70605aaffeb53120fee14900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
65a76f5f258ea9df9c426fc47bd50007

SHA1
ea0cd64b9658a48c57717df04a3e8bada665c22b

SHA256
d6d8e938be1a36e5cff3e4ef3c6b1f660524cf7beb34521b4fab3a0ce011fa17

SHA512
6048c71e7c6a7599558fcf65b2243cd950bb755e11b555a76238a61e29fed5069464c13c193d2943cc30a222897d42fc5cc8712e2700e3326e5b6bb32850ee17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\6bc86504-989e-44e7-a5af-aff05ba900b3\0ed8fd2ae18c18b7_0
Filesize
35KB

MD5
99c3c2836c9c8f943882601a94658799

SHA1
62a6d85d1f31c685e26563e37e2f6f4eac8cc159

SHA256
0e6fea6217f9178b43f7cd0530d82fc2bad93af62d59d719a7e973c4bae7e53f

SHA512
57e7fc9c08aa746d43028b7be5b94d78b67bf0216eb06ad2e8b47696d023fc7fb8aad9619be0c3681d3d2305c8afa6ea9922571f1eb9c8850c67b10bee6c1f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\6bc86504-989e-44e7-a5af-aff05ba900b3\index-dir\the-real-index
Filesize
120B

MD5
7324194199117783640f3635835a966b

SHA1
95b7c0f06d790bf132c01ae85f2993acdec0accf

SHA256
85953d78bbd14cfd9933fbf926f04d69a93a1ad05cbdc7e9b2028a6aad731399

SHA512
7e22838be80360baa9a57c6c396b11b0a1542abc6837612127c26730b6311631a21a2694f2bce253e5fe1c1699a8cfecd74f044bdab0f9bae374ae2acbe0fc86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\6bc86504-989e-44e7-a5af-aff05ba900b3\index-dir\the-real-index~RFe57aa1b.TMP
Filesize
48B

MD5
c21dd3fe9f512d8cda504d857e027471

SHA1
25e09c52de344f258ab89d50fedb827c4c3b6a2a

SHA256
df3277b836bfa59524a14da10589a5f03ab300d6022882d0fc136433bf2a6a0f

SHA512
df8d2c4bc5253a3a733af320e3da7a3b8fdec1598bf0a224235f5afa15b6616d6b5a4684d6ffcee493316d362db3728e9b57d48b21c67fb133023d23e4085662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\6da6f6a4-b815-42dd-b21e-c540ee098bba\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\f9ff76c1-d29b-45c7-aa18-8e75e505b961\index-dir\the-real-index
Filesize
2KB

MD5
0baff538b5ff48036e2c00a43f8bad74

SHA1
e6be76dc3398e02f60cd3599a9fda032836c8738

SHA256
1b6a4a553702a051db1f672f49216d1df6edca29fa1b89830b284df58965c252

SHA512
5fe080b88d8d9f2dbf699974884d4d59e5abc4129f4e828cf080b4c227a2ae0777c3bf406896df0e87fdb0b6df52d17ef02f87a9a0b49c07eef90c66a8734085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\f9ff76c1-d29b-45c7-aa18-8e75e505b961\index-dir\the-real-index~RFe57e6e5.TMP
Filesize
48B

MD5
6be78597177fc585cc87528be850bc06

SHA1
98a101308383338fd352939aaac7402d8b5f833c

SHA256
3f7a8594f6635ab2c35ddfbfefee1f50f53cb1ca47155289dcf05d54836068be

SHA512
76169286d072a75dd88041d41ec50caa8561e847f7d224147b11dfca43aeafd9d6b00ea813152cce8bc2c8535c2f2a804ca2708f581c8e0477f516a544bfe12f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
266B

MD5
41d4051657ed3baa0827ca9ea60f7326

SHA1
cd1cfe03059ed2eca506e035ffc47d45ecb51390

SHA256
44c4a389ce0db9dba77a260d87ae9d8943ce776f39d441e5116c20cc02881a16

SHA512
e85f611277c8d676b64abcf686db706d77ec085aaa533db197a7a524d711b9423e80ec28a18f3ffe0113ce8e5809cd4b2a64c44098276a76001a166355cfbc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
387B

MD5
b0dedc9006122e5b6de16e6c58ea6bf6

SHA1
67269d6137f25553f9a2d19120cc5a3e579d0748

SHA256
6677d98125ef77d5d42770c5c1bffd60a85849e79ac1914244caffc2d0a297f1

SHA512
792c27ec384b6495591c81792b711bf8aa07bf5edbf29bce8b5a3c11a65019d323501148381cfa8e65938f8207eb08ee1c4028b02fb1fa7df6be657bdc780686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
495B

MD5
f7cf15856044e22f7577b74c6b522235

SHA1
d9ca43137662aa1515c4618e0297c38b05ef9d9f

SHA256
474321ba5b1da6705d011025f0af3bc9ab7169f5341b3d6e26bf8552782899a4

SHA512
53f68157fd9f337d8b18e5590ea95a31693e1a82603f79a79932a597eaf071dbe7726f31e17773c637434f561a63243af0e0272270e1b7f91d9a2353338eec60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
611B

MD5
367bea215552b81126bd62c5a9eec6d7

SHA1
d4e32127398efb91e7f3e4ac5163e5ab4f6630b5

SHA256
7901d6d0cfde58732677d4f29aaccfe246e90f008dac7d9d5bbdb6325076a19d

SHA512
e3429276271836c0d8fadcdaafb8d9a43cdac4e95feb4b67756d8bc9829cc6a10a2b27ae3e14aa0b323ced6685dfc8fd4c8fb38e865040430c5695ec32348416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
608B

MD5
1bd5e5702550c8b6543576992042b14e

SHA1
bf345c66bf4cf91dfa9f4188e8f24c89bf23a0dc

SHA256
15ac06f87300bf2305cada4d0853122eb096a38039a12f5a5ddbd492b737380b

SHA512
5214a32bda88b13975c06edce6aa20a2b9a11d91518cc9312157585e5ab00919717d22d811d09fecbdf5767d450c3b4a7f989a687cc9c9513d12bbbfce6e102d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt~RFe574825.TMP
Filesize
152B

MD5
ba7ef0cbed54cac8beacc86853e6a0f1

SHA1
5d7ec4c152c36bc9d312ae129df072f6ea615f38

SHA256
0ab863699daa0186bbdd472a99615e986411e19607b4b4eb3c22089bb0517540

SHA512
f4f180b2fb627f0ed01dc562f668975709013f5de06879cf88da5b6115fc87a49734708ddc4594fddaf3777af242f45d13f9e521d682f20dec1b19908fcc8ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
3c5dac3101baa8c0a2fe4b223b71b5c5

SHA1
8a60a79b9149f2c8f64a923a2b62adcd09862fe5

SHA256
1db52b3bb893a135aa94991110635e2edc07e98c9af10e43c1e46819c131e875

SHA512
2c490140689a7faf9b50020cfa733f2b805f8eefa19968366e65d4649608ac06d161dc0c089d0189ed8e018eab941ae1e3c9bfc625065227c9049cbe22fa4389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
bda4bc45f376b802b98c8a3f7f85c912

SHA1
8706447f4ee55a2fb479d17ab751b544f715f676

SHA256
95926bb889472d725bd0358e570a5bf03438ed74b7b032a7dc178b2e4c7812ae

SHA512
21f349f2b57081f2baa9901aaf24a4ac651a94c2ad9d6ffb1914d3a18f12ecca52ebd90aa8ff36920435a2d9c7dc93a3ab13efaa61a719a3ebf8ccd53d888553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
f4ef281a2f9f15396986b4cad05a52ed

SHA1
b108a51a92c77c6def4151843fb0a55368d34a61

SHA256
d76aad4bebe1e992f00a14eaae79ab4353fec9cec0a613c295f3b279e165e39e

SHA512
e1a448f72f1b1e1adc74a68db40c3b1bb55d66729d10580d30ceff3482df73cebc826a4c6832d901e622ef99d8fdfa7d964aaa6a543b5117b61fbe9d58564c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
2f2ca996e8b8fac6d4c076532d84e594

SHA1
7e6580bdb9dda4d2e3e2e62cb26b4b91a5cda009

SHA256
298f643641f5d63d4667bae02fd77f411d09052593a19db8071e6e4f0b23fb3f

SHA512
75f12baa91cd878de7f895443cf5f7e78c2e98d9aeb83106df4ac74de5aa220fdd98e9638b29bed3ef552e9d1e4f8a0388a1781e0c24ab5a485099745c64c0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b48b.TMP
Filesize
91KB

MD5
f374baf69e2fa7fce0f37f80acf06d79

SHA1
d9976604648c7d2757615f9b1f98ca5b5274743b

SHA256
0bf57141898a089e3f56b0e8e55ade1f24700648de3c1911172f199bd1b5db30

SHA512
3cf3c041d9ed59c11f033b341b9392eb0ddda348237e76656639911a34747784a74ef6ab40e9e8f2af5628a99d59eda702e75c0ecc78e38571434e2aa179c9fa

Download Submit
\??\pipe\crashpad_1408_OGSTBBNCKNIALNYR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit