hxxp://recp[.]mkt81[.]net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=[//]assets-usa[.]mkt[.]dynamics[.]com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/1799700c-1f2d-ef11-840a-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05|02|bob[.]briggs@grammer[.]com|eacc07dcf1304938423e08dc122cbb1b|63d639818f404ab2a0cc299291d700fc|0|0|638405230530695155|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY+57c2BGf8Q=&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
18-06-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/1799700c-1f2d-ef11-840a-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05|02|[email protected]|eacc07dcf1304938423e08dc122cbb1b|63d639818f404ab2a0cc299291d700fc|0|0|638405230530695155|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY+57c2BGf8Q=&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

9 https://df.onecloud.azure-test.net/Error/UE_404?shown=true

flow	ioc
9	https://df.onecloud.azure-test.net/Error/UE_404?shown=true

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632118692656327"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1372 chrome.exe
1372 chrome.exe
4728 chrome.exe
4728 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

1372 chrome.exe
1372 chrome.exe
1372 chrome.exe
1372 chrome.exe
1372 chrome.exe
1372 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1372 wrote to memory of 2064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 2064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 5064	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 2756	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 2756	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3588	1372	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/1799700c-1f2d-ef11-840a-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05|02|[email protected]|eacc07dcf1304938423e08dc122cbb1b|63d639818f404ab2a0cc299291d700fc|0|0|638405230530695155|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY+57c2BGf8Q=&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1382ab58,0x7ffa1382ab68,0x7ffa1382ab78
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:2
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:8
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:8
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:8
2⤵
PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:8
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4744 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:1
2⤵
PID:3684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3200 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:1
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4392 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:1
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:8
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1856,i,13226929139691886124,1868180431607719868,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4728

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4208,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:8
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
5e4fd364ac97dbf60bff7442358c4155

SHA1
3d895306b94281d2043a3167e60c5b6baae6ea9f

SHA256
b1d29d63c9a9e43371861ba8ec8203816cb47f6e42ce844f812097361244dfe0

SHA512
132add5e188ab9615a9161db099fda7b76d5bc90acd1861e184096b17af2a780213da7cc6f5d2f9010ad64783b8fd83999724ac9a0cd574f08c6209efaaa58ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
bc508d058f26f1670fb1f1d18a3bb0f3

SHA1
73c9a68933784e71285143ca84d5ee05a4780a39

SHA256
422f432e75835c601dc90d5926c81287487c9fa228364210863c88c44fb30ca1

SHA512
366c01d614dc6e751a07fa521a71e2f14706e3f4a80ad39dd950fbc83f809c9dfce01dfc0169429351b1ee6ca897914ef6e82870b73f80cd58c5ac51b4b7ed51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
8cc1c887abe2965d917431c6ef38fe72

SHA1
1d4442fd4b464a0f51d3927c3ee9ad3432b05137

SHA256
7e42dbbe545d6c8067798b28078bc69c2311e11fdbbf8241695b8dbc7c767a24

SHA512
8d81171a98777ee5f5a2d1ff5be5697b06fc53e242464d88c633e2e83e7933583f1492ff2da82ad88232c9b497c269f4c7a70c46953820bc6fdf19a9753d8f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5abb9424c357c5ce0fd1883ef9246797

SHA1
561dac4ac6c00601c3e76a8c47aef128c06bd5b7

SHA256
1cfadf1d3277267382d2da4e68b62971a8cb6ac4feceb9bf0ee32d818d87e7c5

SHA512
c27b305c769217ea5f6475aee3a248e95bd86bc605cfa33335153c61f61f52d7abb072043ebf35d587dfd5e781f54ccddcd6c83742fb6fa94bd1d9640904f73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e602c56b6a5a9f574874e511c55cfd51

SHA1
e6199b82f25f5e65f20e8789229a47662d2f24ac

SHA256
5253c3c03b0d03a12d70e665f46a5cae3a3e4bdf6d71c54461894bfc6842ad5f

SHA512
c2935312a7d01b7a046e35312b2c00546787031517808bdbb13583eba723955d844119dcdd84c06c724aefff4a08d19b68f5bf93dd3fad614af6d88d05c08292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
e078d4aaa2fdc0994366421daf8dc5f5

SHA1
1d6cf5cc81e5ef860f8ed0c6cba1560b4d77fabd

SHA256
e8dbbc008e6e0cd19d8df71a02dbc879e8e64edad1ec55dcd5cb821756f44a9f

SHA512
4f8305b0873c98354b44c9d56a5b54aaab7f86d715492b074a9ada324327968aa2b446853508584b7333608d7b4e9f0b7d1d438588507e99d2fe750cd9acae74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
3bf5846b00f552070b74bd335d37a773

SHA1
253b04d9976b2fc88f829f09171438a7ad20ce6e

SHA256
200b03d9cc53e2ad6711adc6477513c5e9361d85461010322163691bad01f0a9

SHA512
de8b58b00d4635efc7456dae80011545f87c9ec4cb9e8ce9cc58003539b700489f7b83401aeffee73f12bd060183c1faf47d0d88835e51a08ccfc8372910c9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585dbb.TMP
Filesize
88KB

MD5
5664ce67505ba618cd2596d8f96e07d8

SHA1
4a349e5aa29b3034757a94632cffd9859f223c13

SHA256
5de51b1a0b00f9baf60464a5e1f2ed47c8563905e92cd6a59a40764103a631c9

SHA512
bbd4bf0f34ca59a40f0bcc73ce4799908686ca4dc9f94bbd852d8093db11b3e307727b017ebbe42f077235902aeed84e5381103ee42fca6492304c624e255652

Download Submit
\??\pipe\crashpad_1372_PIZKEGMKDSMEVBPC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit