hxxps://atpscan[.]global[.]hornetsecurity[.]com/index[.]php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atpscan.global.hornetsecurity.com/index.php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627990302107498"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4280 chrome.exe
4280 chrome.exe
2888 chrome.exe
2888 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4280 chrome.exe
4280 chrome.exe
4280 chrome.exe
4280 chrome.exe
4280 chrome.exe
4280 chrome.exe
4280 chrome.exe
4280 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4280 wrote to memory of 3912	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 3912	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4896	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5092	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5092	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 4112	4280	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://atpscan.global.hornetsecurity.com/index.php?atp_str=8B8Q674nKweUpOPaXKM6VOMa9rVmT9F88gJKf7UnPIk7lVcTg1Q-V4IPa1qZ6xDW_Np8A6rXdvweyDFb4X_duRJq__NRXl8C6nr4Fp6_6jXTKY8i-eq9zaGF1nRMS5Naow-X8iPhCaW7gWnz15HywoXkRlBcF-HA5u9xlgwyXxJSOjg--X44rz6dyWRvR2kCcFbMVsikMsdWQtd8ernHlT8lEInagAkd6hInpq8HnR6qVnxsrq7Rp44guKAEXU6p35hzk1o7dqF0S746O9GWjNgbNSAsbClpjLwncPp2G24UeXuZxJpZDdiZxjV9eCg9jbcVC3za2iUP-qdmWbyOqIbtGcKK-4aGuNt5n-Ty9INr0JazCx6mCM_Aqb3V9vOzIhqqb3prxifizllceSNEbCM6OiMEWF8fLffrzjsUM-YjOjojHP7D4cEHhs3d2aEM0Aucrg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba596ab58,0x7ffba596ab68,0x7ffba596ab78
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:2
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:8
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4524 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4512 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4992 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:8
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:8
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5040 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:1
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=212 --field-trial-handle=1868,i,10801328008051073603,5566442030938730806,131072 /prefetch:8
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4912

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6cceb65a-ae90-4dde-bec4-6b0c742370b7.tmp
Filesize
8KB

MD5
0d71a1b2e8099cc380c2b8494b013316

SHA1
208d2e0b6cde5f91d37bb1ac3c48ab007a4558e5

SHA256
0208a4d60e4f9383441dc287909d29f83c42f387773064f319904bad2a2318f4

SHA512
c05c6c4acb8cb53c7daa543af7c4f4a7b9ec778d2731e6d5a7a5e327bb23a8d55752b01183f2b3a9c7b408293e7ef987a006e02b2edcebda8dc3cc0dedc44d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f5f3181308a7acd97702f1ca3c0c3876

SHA1
91cde7766e8783282df9ef4f89bb5127996aff7a

SHA256
2daf417b579b54e2707bd5e9421ae89316a184eeec75655c2a670ac54cf493cf

SHA512
f090ac50d0fb902470225648b218f4fed4a7ad34a3aa313c939b89ead8065a36d1c4718119aaa6c86d1f90d519e6e024d4ea1b2cff4acc96326bf79aba4ef3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
51dfbe108e5bbccfe8d43a9bbb56f52b

SHA1
85f2fdba41520a65e435706282fa1a2c5e08851b

SHA256
87407451c378ba1765b50dd1a2435ee9c6759c7cde4a6dc65648d3d2ab820cc1

SHA512
ed972f57cdf80e117e5754edca12e5be7eb4ba95a6fe920d11eac48c5f1c5f48644ec5aa1e727cd1e2ad394aafc112ae48105e9d95ac3043a3386dc50016371c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
851B

MD5
774ac4796106691f09a6d77e0cfa95ff

SHA1
2a81f94d5ad28dd8188323d0c95dc568c859aa49

SHA256
47c973df62d97fffe0813b7a22e7b64395870d96c8f27ea61a2271347014fdb7

SHA512
f0820ac1e519b47ff5eb5437818ec62908a460d02bb2160677f832625fef99c3a9fdf18bcd98169adbcd5ba667a3b6221576bca2e4440e8885aad8790d43a410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
851B

MD5
b17f3ef163949e3f8e0f785317bc9250

SHA1
49934f3c0cfd3691bd39f75fae293453e8ac2c31

SHA256
0421639d6e0772173cfb04276bbec11a9f64b4128d871d475a8f913b6e6eda07

SHA512
f12622d477b4ab14cd52d1488ec8c2f4903e492f14466e98737e111212f20944559b2a7dfd6c46524dd7e55911e3fd1ec21cfbd51e4e3b4e6476689029f1f5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
853B

MD5
0cf6f78c6980a07e8661164feda932d4

SHA1
1ffeb4eb5e4b3f8db092982a2bdb3b5a1f441351

SHA256
01ae2cc4fb9411eae22b39f88d649c1550858354fd1fc51835db5aed15368b47

SHA512
9cb2bfcd4dfb8d8950ee8f8783a928dbaac8ce976f8f7f54f0e5aa0740069c47969681c705873595a611fdcf63426ba66f389f73681e281f08e09a7c941fe746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
851B

MD5
9f0bbebb3e9ae76abb84478b91975d26

SHA1
3f0029bc8f6ebd2fab9fe03d337b97816f191cf0

SHA256
57a1d709293d6363e2c2d5740800aadf42983b8a273d552d63a59b1e48fc47ff

SHA512
7691fdba5c2f2e88e6510a647b4f5cd1a2290dec1f6f4ac05eaa24bec3e3f030e145d68acae690f5bf291c461c17542f37f92440787d13a4f4bf002a3cdb3e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
851B

MD5
b05feb7a7c81d974f8becb8d7eb68e05

SHA1
58a55c57faf4c76020987bd41f5ec33140aca919

SHA256
5acee3c2020b4208fbe74a292c7649927b4ed0490fcf2acb1291fbf328830089

SHA512
798ab5fac80aecb8a97a826556478d4d7aaaf5bdcb930da3085c341e7c61f0fd6bb9db30e16c27429427b398506fcf711b80f4a5a5cd987ec1a216d4e8ec03e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
521B

MD5
d900970b422ee2841a3f0dee63bd6789

SHA1
91fde8244a6d59f48f4e24e5664ded08af573c89

SHA256
a26a0d9b22b9ba1830e4c6de80b7619675f3282a57609dab78450fdfcf26aea1

SHA512
7655e81c939664fdf2528e0b1e14284fc2ba9682ea5bb7d755bd38712a92e664c7305351cefd43c9761820dafcf1d5ab76522f3ec43a3673c2bd633f0aa6e879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
065d092997974a4456dd59e6d2baabdc

SHA1
9e22239166de11a240e2c56e53fd297929c44af6

SHA256
348b32b87bbb3e2f799c36674a694678546f846d7f3833d816a146e826179fe2

SHA512
536f3c54aaace0659018272d9fe22af94dc8269a289a658de43858051cd488335665e6651659b4387290716419edd462233e5846871a8b0e18ccd96bfd8d65db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
71fed0db86d689552635952a45530d18

SHA1
88ce486386f36d802abc0d6771eba7bd131607ff

SHA256
5396f049c58d3c0153edaa81025e22792e9fc8c8b0f405c323ae4917334894e7

SHA512
9beaff68f59b18e6646915b211a7af0b2706218888718916cf8c7b43b26a7e42426830f20546597a0a21ffb89432877d0886fe7aee4fb7a8f47cc2c8513a7cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6c86c52c16b641949519ed39802caf4b

SHA1
b987ea3027a1b93ee7dfff9a7458139c60d0fe78

SHA256
2b4b68f6dae228395bbda95075fbda7d28c8db98e5c17230f4d2507aa187f8c2

SHA512
b7f42755737e3c055880807be841326442cec40d4ebc33ee4c816653c83048711a25252e382ef455961f24df9b02b5f8b5cd9cafb2a2ec5f845ccbc1bf148c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\0ebfccb4-72a1-416f-811a-34e1d36b0b37\index-dir\the-real-index
Filesize
2KB

MD5
5b2f7647d08a4478710a76e2ec1e2569

SHA1
a4a2e43ae6ef47932eddb22637ffc30c062f5761

SHA256
9d4bcf76f5a1ffa1ef62b2b3ce8de6df6ba70bfcbf4b17c6e2a3bb19e1299656

SHA512
d0bbf5a7ee980171f6a79992ad607f9b817e71d007460a3af9479760af7f9136fe2170195d4203c9564194204e3dd32d7141455265436de7e570d6b7d3eedc3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\0ebfccb4-72a1-416f-811a-34e1d36b0b37\index-dir\the-real-index~RFe58d339.TMP
Filesize
48B

MD5
b174acfe272e8fc6a19846ff4332311b

SHA1
3f7e043ad49fc52d08ed70ce94982fab612e8e4e

SHA256
e048fff56a616b813724c332cab789139d5e4a08ab828368231f19e5365ad16d

SHA512
6408304d48997217802bb87b87a1be04b24baecc6db80bfbcfc3897d12224b39548d799b09e0fb4e9330990fddeeb22fca9ae84ff6db19313a09014d8f928096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\54e871bf-07fb-4c3a-988e-47023672d5df\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\ec5bb424-cc0b-437c-9029-8beef0bb33d9\0ed8fd2ae18c18b7_0
Filesize
35KB

MD5
159be09caf6a5cb4de419b64e0606124

SHA1
7058df8986e11ca1adacd317b99f53ae8477d1ed

SHA256
f35aeb8c16b6b1c8f2e1a4bf77a0dea72e23c140a3f5d8c0d4392297a299b32c

SHA512
8c35d4eaa957562ee4d385767c4a68e715fe642924af26770488d235c5eb1e557972aeb3f61945bbc974a8a8473cdc6a4cc8cd689c9674f3e36c67bf79b5edf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\ec5bb424-cc0b-437c-9029-8beef0bb33d9\index-dir\the-real-index
Filesize
120B

MD5
9fce0009516a7c1b398cd0efc7d0d48c

SHA1
703e27851c0bff7ce475940f27c4a1d63b4fcfae

SHA256
bef3941c636284b6d232f132ed97d8fd1ce58a57266c9fb47bf625e73d148c29

SHA512
4797c093559b68c54281cd7a5531605a68f4b4f3d140b3ee3ae6e4b2cb7e25a4c0b74779bf6ec03cc90bb7f53e3980fca85099eb4ead81eb989785e147797483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\ec5bb424-cc0b-437c-9029-8beef0bb33d9\index-dir\the-real-index~RFe582834.TMP
Filesize
48B

MD5
6030edf895b80a3991ff80169d20781c

SHA1
ccc15de6b0908095726190a415ded4543dd16254

SHA256
562d1e119975f01d9d36eae24f54af58fbb72880c58b373260e27e1e1cb64fa5

SHA512
ea3de8c868a42697964aeab5f9fb7b337449a054f376191fc364d69af22bb3b2f1c08ae90f6500d8e402d8c56a9bb40f01eee423b7d8a92ab8f3be9b07856310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
266B

MD5
0406de599fbcd1e39a57cc02d42525ce

SHA1
ec2b248314e84c434bf4f3ebbf777b100d7f74d3

SHA256
7838fc2e49e2f3c76497070680f23c5139e55c6a3dec2c0eaa6db78507708fde

SHA512
8989b2f10696114468ce8b89dcfdada95440ad57243897b4d18cd2378aa03a39ff3ac513e54e9edfb1ecd39dee2ce0c94ae6dad542586c9354950c06b2a3e886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
380B

MD5
f2f1d14957eed3341f9a09feac5917cf

SHA1
c81bb007513cb176bbbb991fb7e31ca6dea98630

SHA256
bf6ac75867a87b90ab80928e107ea55936e3424f6eef8c2b4acfd38c6cfd744a

SHA512
c1cf03b9fbbaf05038a52dcb6dd0da81a22d9af7b91b005cc17b26483742d18ec91bc88612bc3349d9219477fc8ed274a9732a532a8c37ddc2173cdee26afc7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
495B

MD5
2b27fabac28292406ea0416aa2a0d9b1

SHA1
88a63f5cbdf5907ce4503f4b4604d18104dab695

SHA256
1d7ac28b31c76565d9594ddba8d7babc4cec9dad412dfa6a5960b169796019b2

SHA512
b7b797e55e23a450ca2be4721f2dc6aee72e0a9628dfdc864c6b14172e922bb520424ddf9d05aa5a0fe8e21dc64d45cbbb33b0b56fa5646d545cf99435cb39c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
612B

MD5
b3613d7d2c62128043441f9aa5c588f6

SHA1
0ab28ede4f096afa44e74b6522500715ebbb6f29

SHA256
c1e045af3555ad1a7f45890cbf7db53d2f8800dd4bb501969c49d0ceb42ea8f1

SHA512
30dac7013024b4595b4b611ee2d2cf9c7e935af8695445ad90fd8781227c863fb14636b8887f88c5604b366331e0596d9d5ec2ede41fa91db36e9025a1ad0424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt
Filesize
608B

MD5
29820954da477c2bdd67ae39d30fa6fb

SHA1
a7795e2092ff5b00ef20a12bfb5e78c3ca8ffd92

SHA256
8b96d4563d2fafe47e02f379c74b0c2387058ba4c961bf845ec4a73a033fb610

SHA512
ba5adfe3a24f0e05a51eb339d985b787ac65f10102d6835ac3848fbecdf4e66f0a8e69bad754c6eea87131e93329fbaeb0f90708433379ca6c0eef8208cefb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a47439c1a959e97fd7e221a9c42bc6e1da6f2da8\index.txt~RFe57c208.TMP
Filesize
152B

MD5
815797c5ac3f2a6e8a85f827b5be5d53

SHA1
def3a32a8e4205a8d575cd87dab468b635f4124a

SHA256
2c282c2e346e61c2e52bdf4bcad4489153267d3efab418770c126c7a264e6954

SHA512
fe03dc5f789e757ab5990f1e5fa75726e518f962fe97316ea2dd219a4f6d322fee9961a0038775c9376693be9b7bbb0b504efe9a317efa99953a4c2b6f8edc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
48eb7b82575e4e4e1b25ddfed763805b

SHA1
6b234f4378f300538883eac6f7a68704ab1bfabc

SHA256
5318a6360ac2fa82adf8281a9a7e98acae278d362b5b2eda866d478a3f6a7278

SHA512
9c3cb16fea5550a2b72d7953b216745d2cfde5958bf23791b47ad2235944faedc9a300c3896584890fe42368b512205bdcb8bf584c7b8db9d767244245705c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
2f8055181fd08e53d456636648e55d0e

SHA1
62b5a3bb4ff4f7f3fedbab344aff56b9c2f50855

SHA256
35a89faa2347cf638f89ccd3df4a81a4a967cdd11c52cc86ab9c11cf68b4bc79

SHA512
5067f58c4f3c7de3b681109be02d92af066152aad120a97ed9237795e9bbb223e704505f75e1e258e9ee46533330caa83aa070acb952dbeeb573366ea6708628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
5a9717ca63b16509d69c01ce6ea0ede1

SHA1
87feffce836acee392d18040072517d68f6da5f7

SHA256
05bebe78c7e03741b43a788887e505386609907be7f0dfd0924ad7f06e58098d

SHA512
fc33cefb0f6c9fa5baa034350f346cf36870386ebfcff77027c225e51eefb80553adafd8cf561745441715b4a1d18a91ffed56daa6c5145b16908ac1c5b8bd8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59c71f.TMP
Filesize
91KB

MD5
e18b6f9664d692b0b03dd8b8d9165148

SHA1
4dbecf1519c32b87219858d09495212deb83e176

SHA256
8f9d080827e523a579c9ded16541dd16b87526236baa6375c32169953ea2e289

SHA512
d5e9cb6f51b9aed4e9269dcb1e25e617f139fc0327f1a8851eda54e30c8d3fe5dba76b79c9e78abe390845df8a7cf3f9f9ea2be2d11603bfa53e4a716a0d5b1a

Download Submit
\??\pipe\crashpad_4280_VUJRIPYMIUTGFPNQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit