hxxps://mcas-proxyweb[.]mcas[.]ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01[.]safelinks[.]protection[.]outlook[.]com[.]mcas[.]ms%2F%3Furl%3Dhttps%253A%252F%252Fsirius-it-edm[.]qiye[.]163[.]com%252Funsubscribe_zh[.]html%253Fhost%253Dlx-aries-star-mail[.]qiye[.]163[.]com%2526sign%253DQ%25252FxUKdz7c0vJwaEkufz6ViGGCcTzByYiKKwlUnlmI0xTKtJ%25252F2Zs5Tr8cTZd6LfJpI18ADFGLlX8i%25250AGIB3sCh8r8JyxWWYqoStVRcvVUPCWycQMIUBa3Wt5TAoFfe29WTC%25252B2PbOAayqcGxT3zZJGmcG3eJ%25250ASh8og2i1M0fuRGS5FznKPZb8JVH4q8Uht5oPQS2T%2526from%253Dmichelle%2540yortay[.]com%26data%3D05%257C02%257CISD-IRT%2540metrobank[.]com[.]ph%257C7d587594568e490cb39d08dc810e379e%257C5d21b779551047d8905fe1156023a316%257C0%257C0%257C638527145263518074%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DOSwgAH6suIA9Yusgm027pKrQ92I3ye%252FlvSxcMKfrfBY%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=fd8af3eb0e97a473f76c36901413f5faed7744305522fa86a715fa12efcd5242

Analysis

max time kernel
120s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fsirius-it-edm.qiye.163.com%252Funsubscribe_zh.html%253Fhost%253Dlx-aries-star-mail.qiye.163.com%2526sign%253DQ%25252FxUKdz7c0vJwaEkufz6ViGGCcTzByYiKKwlUnlmI0xTKtJ%25252F2Zs5Tr8cTZd6LfJpI18ADFGLlX8i%25250AGIB3sCh8r8JyxWWYqoStVRcvVUPCWycQMIUBa3Wt5TAoFfe29WTC%25252B2PbOAayqcGxT3zZJGmcG3eJ%25250ASh8og2i1M0fuRGS5FznKPZb8JVH4q8Uht5oPQS2T%2526from%253Dmichelle%2540yortay.com%26data%3D05%257C02%257CISD-IRT%2540metrobank.com.ph%257C7d587594568e490cb39d08dc810e379e%257C5d21b779551047d8905fe1156023a316%257C0%257C0%257C638527145263518074%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DOSwgAH6suIA9Yusgm027pKrQ92I3ye%252FlvSxcMKfrfBY%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=fd8af3eb0e97a473f76c36901413f5faed7744305522fa86a715fa12efcd5242

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616018167764294"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 4744	4076	chrome.exe	91
PID 4076 wrote to memory of 4744	4076	chrome.exe	91
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 2196	4076	chrome.exe	93
PID 4076 wrote to memory of 4896	4076	chrome.exe	94
PID 4076 wrote to memory of 4896	4076	chrome.exe	94
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95
PID 4076 wrote to memory of 2224	4076	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fsirius-it-edm.qiye.163.com%252Funsubscribe_zh.html%253Fhost%253Dlx-aries-star-mail.qiye.163.com%2526sign%253DQ%25252FxUKdz7c0vJwaEkufz6ViGGCcTzByYiKKwlUnlmI0xTKtJ%25252F2Zs5Tr8cTZd6LfJpI18ADFGLlX8i%25250AGIB3sCh8r8JyxWWYqoStVRcvVUPCWycQMIUBa3Wt5TAoFfe29WTC%25252B2PbOAayqcGxT3zZJGmcG3eJ%25250ASh8og2i1M0fuRGS5FznKPZb8JVH4q8Uht5oPQS2T%2526from%253Dmichelle%2540yortay.com%26data%3D05%257C02%257CISD-IRT%2540metrobank.com.ph%257C7d587594568e490cb39d08dc810e379e%257C5d21b779551047d8905fe1156023a316%257C0%257C0%257C638527145263518074%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DOSwgAH6suIA9Yusgm027pKrQ92I3ye%252FlvSxcMKfrfBY%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=fd8af3eb0e97a473f76c36901413f5faed7744305522fa86a715fa12efcd5242
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb2a39758,0x7ffcb2a39768,0x7ffcb2a39778
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5076 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4552 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=6060 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5080 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1032 --field-trial-handle=1912,i,17665031130427442952,1642978054556456209,131072 /prefetch:1
  2⤵
  PID:4372

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6b68fb1b-f7f7-4cd3-bf90-1f264d08f555.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
037288d40b7dff5434e835cc4b8417d3

SHA1
0d9ca29e4b52cc3b16b2f08f903e77e220bbe8de

SHA256
fdf6672d0a70e3dd0380a415f7d748bd4dad668dc841549d32ad9799c4ec63b7

SHA512
ce16dfb9f147e18193f476ee42e3cb935bc3bc598ca4766ac15869e3a757be37d47eec072295f4111559ea8ba8e25f68fd42a0a858acae5387b377c01047724a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
716B

MD5
6b1c244f5e2a43896d2c555b3e53332a

SHA1
66a8d1c208ce53d206231becbd67b8b0c14cd97b

SHA256
521070364154bc395b8228f1c3da0f1fadd4d24f6f867603c35bec32ead1dfc3

SHA512
3127fcf23014360b8b37fcabac77c2f5f1612de9a4e626a1d538069df7103a4a5d805fdd4f204302c1e83a16bde38f1d6c1e233e1c31c93f1c00b69bd476b480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
902088eb0cd7794403a58c6706f9336a

SHA1
b037d889fe215b4ba85fa32629271d4a8f85c78b

SHA256
f6a398bcff3afc4e101b4741e2325bedf4d47229bc562efa3ed63c18306ef718

SHA512
a271e074565bd65153ac483f9f0f7a69d9393c34e2158d468cf9332ee10062ea74c44fc203f89435fccce2d953e85a19f2d11ec3ee33bd5559853e759b2174bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
576939445a2e9f2328609bfd5e692cac

SHA1
231334af7f62755a0884b511ca4648febdb9ba1a

SHA256
ecba4273a72a98c0705f067630c86b8a94befeb6e21d02762f824e9d7644e6c5

SHA512
a4150acfbd894c2279f030f1e714292665e1a05c8af4e2d1583b1bba77d56fc9721a6834a8a60ead8492a02ed63ef3f2393929cf6c7c4c5240261bddf36dd899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed9abfc30bf8af3175acf856a88e5de9

SHA1
d81a833cf56e1bb65aa6995e07020160331f5053

SHA256
8ef77272cb077e08f256280c582013afff1a7e67231a5741154c4b7449750133

SHA512
220bd8a68df06c3d63b1250f474cff8a8bcb25c3c799ea929ee4ea244c89187fe4a51a80b8b1b16a38b4ef1bef02b4673666deb3a39d6979ea8332540cf1f244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fced937aa9561b041d77df06c9ac6a0e

SHA1
8d8db63634b12d748829df9837bd32fa0f84fbaf

SHA256
495ba8f5daa5ae27f4141948a5a2b62108ddd98af92f34e7077a18c0cc17f42b

SHA512
dbbd42ac96fc91acc83c719182c571de7bd524b75bf0242cbe89858d43c50705ebf37d6ea02309f9118e5c3aeaa64f038a52ab9c3d3585876270047e394652a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
c3b877aba9e118bad2ff3b7e4b484b9b

SHA1
165ee6c0595fe5124591ed8ab7b41a7802c42518

SHA256
eae3b81bd823db6b85a5f587896c12a851442ddaac49051c4de33db7f3f5d4a0

SHA512
27bacde8441aca985e8933b9b85302b982003d7f41b7fc8438551d64ab96e20d373731771a62a4876f31b6642758f38ec33f31da1ab20d62c5051e5aa8c1a52c

Download Submit