hxxps://link[.]mail[.]beehiiv[.]com/ls/click?upn=u001[.]Rtzjz6BydxrbRduJuwiCRZeTL8OSw7sdPHZxHPDgu3dGr4SsNvD77Is7Jnvm1fulmp-2F51CCvqBBB5jnV45MDxRSzaBlTwI-2FuVknbdG-2BaR-2F52-2FdmfCVEdC52Z-2BcfYPYdsuCcchefdNrjTmQbMPq4AgTikEiU3mAa7AbvKmvC-2BwZZHqDhbJdmojKIa4DyF0MEBG9bZZrVBU85n3RMJmpiTKg-3D-3DB_JW_i2l0JY0a-2B5IHliMJOpuAQhfKGel-2BEPYoQXb1DV9tw1MUNySovAN2Zuj2VEUiitGtA-2FbJDtDBPsi-2BuqohgTO46xhybzNVp36R1aTviSPNxmpSbgzCqpXQib85IfDjMdUa3bdw42xeTMSMGcOBG-2FtFOdFn1mp2k2ieNPCMLFK3bmhnyBN4p-2B2Y1crK4C-2B6hi9Y6KhVvgeQUfoD9FeTgUcsHsUINlPJ1l22xcZ2YvrylXviRKW6Zf3SthDiIg9tjm-2FS2jmzWhiz-2FhufqyH8IA3SEqx-2FwYux-2BTYlBJuOsgMLgkX58sHlO8bYWbyl5jfpw1e5JPUZvQGrO5LR5uj3RhvbSc-2FuWEellg-2F2su0PDMxj5sFejlRdxHmDJefn-2B0OryInzVbkBDoBaj-2F4j2x8QwnRQRMcXQm3ukvO1Af7CYw-2BWo-2FeFu-2FSnSd3uWzrkihJSgHjR#YV9uaWtvbGFldkB3YXJnYW1pbmcubmV0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.mail.beehiiv.com/ls/click?upn=u001.Rtzjz6BydxrbRduJuwiCRZeTL8OSw7sdPHZxHPDgu3dGr4SsNvD77Is7Jnvm1fulmp-2F51CCvqBBB5jnV45MDxRSzaBlTwI-2FuVknbdG-2BaR-2F52-2FdmfCVEdC52Z-2BcfYPYdsuCcchefdNrjTmQbMPq4AgTikEiU3mAa7AbvKmvC-2BwZZHqDhbJdmojKIa4DyF0MEBG9bZZrVBU85n3RMJmpiTKg-3D-3DB_JW_i2l0JY0a-2B5IHliMJOpuAQhfKGel-2BEPYoQXb1DV9tw1MUNySovAN2Zuj2VEUiitGtA-2FbJDtDBPsi-2BuqohgTO46xhybzNVp36R1aTviSPNxmpSbgzCqpXQib85IfDjMdUa3bdw42xeTMSMGcOBG-2FtFOdFn1mp2k2ieNPCMLFK3bmhnyBN4p-2B2Y1crK4C-2B6hi9Y6KhVvgeQUfoD9FeTgUcsHsUINlPJ1l22xcZ2YvrylXviRKW6Zf3SthDiIg9tjm-2FS2jmzWhiz-2FhufqyH8IA3SEqx-2FwYux-2BTYlBJuOsgMLgkX58sHlO8bYWbyl5jfpw1e5JPUZvQGrO5LR5uj3RhvbSc-2FuWEellg-2F2su0PDMxj5sFejlRdxHmDJefn-2B0OryInzVbkBDoBaj-2F4j2x8QwnRQRMcXQm3ukvO1Af7CYw-2BWo-2FeFu-2FSnSd3uWzrkihJSgHjR#YV9uaWtvbGFldkB3YXJnYW1pbmcubmV0

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622183782487605"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2024 chrome.exe
2024 chrome.exe
2536 chrome.exe
2536 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2024 chrome.exe
2024 chrome.exe
2024 chrome.exe
2024 chrome.exe
2024 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2024 wrote to memory of 3740	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3740	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 3800	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 540	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 540	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe
PID 2024 wrote to memory of 2508	2024	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.mail.beehiiv.com/ls/click?upn=u001.Rtzjz6BydxrbRduJuwiCRZeTL8OSw7sdPHZxHPDgu3dGr4SsNvD77Is7Jnvm1fulmp-2F51CCvqBBB5jnV45MDxRSzaBlTwI-2FuVknbdG-2BaR-2F52-2FdmfCVEdC52Z-2BcfYPYdsuCcchefdNrjTmQbMPq4AgTikEiU3mAa7AbvKmvC-2BwZZHqDhbJdmojKIa4DyF0MEBG9bZZrVBU85n3RMJmpiTKg-3D-3DB_JW_i2l0JY0a-2B5IHliMJOpuAQhfKGel-2BEPYoQXb1DV9tw1MUNySovAN2Zuj2VEUiitGtA-2FbJDtDBPsi-2BuqohgTO46xhybzNVp36R1aTviSPNxmpSbgzCqpXQib85IfDjMdUa3bdw42xeTMSMGcOBG-2FtFOdFn1mp2k2ieNPCMLFK3bmhnyBN4p-2B2Y1crK4C-2B6hi9Y6KhVvgeQUfoD9FeTgUcsHsUINlPJ1l22xcZ2YvrylXviRKW6Zf3SthDiIg9tjm-2FS2jmzWhiz-2FhufqyH8IA3SEqx-2FwYux-2BTYlBJuOsgMLgkX58sHlO8bYWbyl5jfpw1e5JPUZvQGrO5LR5uj3RhvbSc-2FuWEellg-2F2su0PDMxj5sFejlRdxHmDJefn-2B0OryInzVbkBDoBaj-2F4j2x8QwnRQRMcXQm3ukvO1Af7CYw-2BWo-2FeFu-2FSnSd3uWzrkihJSgHjR#YV9uaWtvbGFldkB3YXJnYW1pbmcubmV0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1d4ab58,0x7ffab1d4ab68,0x7ffab1d4ab78
2⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:2
2⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:8
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:8
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:1
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4320 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:1
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4724 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:1
2⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4356 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:8
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:8
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:8
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 --field-trial-handle=1880,i,12522765334231211920,5442181866419119408,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2536

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x434 0x2f8
1⤵
PID:3952

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
e772210b7a27d45faff4c425b9d1b6f8

SHA1
8f405cced766c209260a23edb7b849b92048764e

SHA256
8b2bf0be68625c384ef4ad20c5a91232926805e4ca1b7e425162e16d6e59ea20

SHA512
70f9f1490a117a953724e8d80b07c79d631badd10f92f109b5a6a47d0483058f67b5fe609ab129f28413b51dd3740d519f0a050d825f765fc283686afe41688d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
8917036fde4716ef12223a1fcd313fac

SHA1
884cc1e1532c3e7e8ddc654b500c92f9b48d8f70

SHA256
4fead43981e212271f62b15f4d70d82cd01325cb6e7286227caeebacd32b34ca

SHA512
60272ed2aca67567d417b1e2189037a367cc779702e4fc50e4de33c5ab3e9beda555f6991d2c67f97aa8cf2c884b446b1d1a290259edd24e3dc231216d2e6509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
2481ae52ee5c12a70817742e72c5e6d9

SHA1
5f4fa09927e466151e4fd11eb8976dcf14899d2e

SHA256
bcbf6c4ef14bbcaac45931663cc47cf9450f4ae6fe3c1907b783a711c45ec134

SHA512
77bd30eed9ec13524c3d8bf8b0f622557f435933f4e3e5da66b53fdc98a35a34eccc901404eddf1ff032cd6701eb1dfa934e5a4a53573dff1dc09c9ca70094f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
522B

MD5
bd9585b7de96a87a7eb8169743893f1c

SHA1
3b23b93c4dbfec37d059bd2e18aa04996415c3e6

SHA256
94e69ce0a032784433d6ced847eb4a5185c1daadbf56d13159ca798631723ed1

SHA512
463b557ea1a1236ba05135f4b1be57f4bf520dd283822fb59a4fcd447f2a7d5cc5a76a2cf68d515b4eef08aee1aa744d82184ce8659a3f259bb2e377ac184e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f5d8df92-1381-42e9-8951-81e3ae33a524.tmp
Filesize
7KB

MD5
666d256951fc2c96ef96daef1551e04b

SHA1
9ebe55796a012d6b3a2d44ec8e12a51d768a54f1

SHA256
69f01ec78325ac3487119f26465641f67c28186ae17669cfbb6fc7e234f3487b

SHA512
723ade71dee4db476f18252311057cdb3020de5e7163ab204117d4a73434708e633eab80a2ffaa254fd04a5df0968d45178ab2d54491ab29a49f8f49fb1f879a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
cc089020a1f32e2334ba1c02b655b872

SHA1
16eff4fecb1ebfb77b92c0d1eb796ea333efe2a5

SHA256
3b9c4763e5b30fc12f7d2f6bc15b6fa985bb6d6173f76decd52fb697d998f012

SHA512
5c46a7525cf14428656cdd4cb59982e3cfaf694f05d440aa543821d64ba30ecc7f29d4b56b46956490fc438de6aa3a192d436bdca377dbd0ccb3913f51115a02

Download Submit
\??\pipe\crashpad_2024_YBXEYHRUWHISBISZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit