hxxps://link[.]mail[.]beehiiv[.]com/ls/click?upn=u001[.]TQZThRnCzNiYj8X1gC2kpmsYDb4w9usmTNNPgTQkkGIWuDM398sIBdGK2xfc4PqJRWf6Y1RPIcm3dEVo4lZ4cNMjqIcT54gGzP0Fil3nUxSGwOSL80UtwvxHvR-2FDsbCzjEymve-2BOgQ0NqWV8j9QhmJZxUFUPkKFnPhzC-2BdVcIISECG21odq8tBJ-2BAe9Rh1Td1bec_uoJNvF-2FASjth9StXKTRb2M2xwgVndPqK9iTzsVgA4sO5T53RcCl53ifK83B8LqeCof437-2Bhy3kgtu4eVX3r3fM51Zx882GhFAoF2ETtdkeCXTWy6nfkfvKCAxjkYp9hCxbGmgbH88tdf9xltbpnXDeqXjGogsrMCjnVMve-2BjS1u6JixMqRM2dPJROqAtggixVfA694L5OJABwHngEcb5-2FHbHDliccBUTKVgXBg9LCrcFm6TXmlMX65fevXqggdBErXcLPOAJd6RyqvxofczjgiKS8v4wy-2Bs-2Bbi6abyCS-2FuRt2pP8P6hfwdaq-2F-2Fuf15h6xfqbzFWR7kFG036XfdttIdECN8MVn78rtOW3Vrcq2Ztr4-2BbYNjhkLDr8LSQd-2BUk7dMC0GPkKn4JO-2FJoW1SkcMk0xvS6wVwLCe6eOaR00CMAN6-2Ffq3Mwc3C4Ri4mEud6BM3B0d7pHeHgOd2b-2BU-2BB4cQ-3D-3D

Resubmissions

24-06-2024 09:02

240624-kzx3raxerj 10

24-06-2024 09:00

240624-kyqx2sthkh 10

Analysis

max time kernel
599s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.mail.beehiiv.com/ls/click?upn=u001.TQZThRnCzNiYj8X1gC2kpmsYDb4w9usmTNNPgTQkkGIWuDM398sIBdGK2xfc4PqJRWf6Y1RPIcm3dEVo4lZ4cNMjqIcT54gGzP0Fil3nUxSGwOSL80UtwvxHvR-2FDsbCzjEymve-2BOgQ0NqWV8j9QhmJZxUFUPkKFnPhzC-2BdVcIISECG21odq8tBJ-2BAe9Rh1Td1bec_uoJNvF-2FASjth9StXKTRb2M2xwgVndPqK9iTzsVgA4sO5T53RcCl53ifK83B8LqeCof437-2Bhy3kgtu4eVX3r3fM51Zx882GhFAoF2ETtdkeCXTWy6nfkfvKCAxjkYp9hCxbGmgbH88tdf9xltbpnXDeqXjGogsrMCjnVMve-2BjS1u6JixMqRM2dPJROqAtggixVfA694L5OJABwHngEcb5-2FHbHDliccBUTKVgXBg9LCrcFm6TXmlMX65fevXqggdBErXcLPOAJd6RyqvxofczjgiKS8v4wy-2Bs-2Bbi6abyCS-2FuRt2pP8P6hfwdaq-2F-2Fuf15h6xfqbzFWR7kFG036XfdttIdECN8MVn78rtOW3Vrcq2Ztr4-2BbYNjhkLDr8LSQd-2BUk7dMC0GPkKn4JO-2FJoW1SkcMk0xvS6wVwLCe6eOaR00CMAN6-2Ffq3Mwc3C4Ri4mEud6BM3B0d7pHeHgOd2b-2BU-2BB4cQ-3D-3D

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636933896099334"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 2252	4120	chrome.exe	88
PID 4120 wrote to memory of 2252	4120	chrome.exe	88
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 2264	4120	chrome.exe	89
PID 4120 wrote to memory of 552	4120	chrome.exe	90
PID 4120 wrote to memory of 552	4120	chrome.exe	90
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91
PID 4120 wrote to memory of 2988	4120	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.mail.beehiiv.com/ls/click?upn=u001.TQZThRnCzNiYj8X1gC2kpmsYDb4w9usmTNNPgTQkkGIWuDM398sIBdGK2xfc4PqJRWf6Y1RPIcm3dEVo4lZ4cNMjqIcT54gGzP0Fil3nUxSGwOSL80UtwvxHvR-2FDsbCzjEymve-2BOgQ0NqWV8j9QhmJZxUFUPkKFnPhzC-2BdVcIISECG21odq8tBJ-2BAe9Rh1Td1bec_uoJNvF-2FASjth9StXKTRb2M2xwgVndPqK9iTzsVgA4sO5T53RcCl53ifK83B8LqeCof437-2Bhy3kgtu4eVX3r3fM51Zx882GhFAoF2ETtdkeCXTWy6nfkfvKCAxjkYp9hCxbGmgbH88tdf9xltbpnXDeqXjGogsrMCjnVMve-2BjS1u6JixMqRM2dPJROqAtggixVfA694L5OJABwHngEcb5-2FHbHDliccBUTKVgXBg9LCrcFm6TXmlMX65fevXqggdBErXcLPOAJd6RyqvxofczjgiKS8v4wy-2Bs-2Bbi6abyCS-2FuRt2pP8P6hfwdaq-2F-2Fuf15h6xfqbzFWR7kFG036XfdttIdECN8MVn78rtOW3Vrcq2Ztr4-2BbYNjhkLDr8LSQd-2BUk7dMC0GPkKn4JO-2FJoW1SkcMk0xvS6wVwLCe6eOaR00CMAN6-2Ffq3Mwc3C4Ri4mEud6BM3B0d7pHeHgOd2b-2BU-2BB4cQ-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be60ab58,0x7ff8be60ab68,0x7ff8be60ab78
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4016 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4384 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4512 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4440 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1020 --field-trial-handle=1984,i,18084924025745051587,9614260376649371331,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3824,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e0656c74028287e6edc45cc9dbee7b4e

SHA1
31fd9ce55c0bbd7fbee58bad260e3c72fd1c2832

SHA256
b0b8387eb46bcc15dd8d02974c673ac8e2fd17c6f14e31318f0426a57ccb67d5

SHA512
c1d487820fd7bfb5a679d3a233f48e8efe090e60d58b9ef6bb08981d623b54a61a73b54c32a12e3b256d8b2e802b06d6171b9975ac6a1f41b475d5a92106cf21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
98c804168d5b2d8e46e0e4f97788d448

SHA1
682fdda08e66512143aee30cb3bfe2c1c0c99465

SHA256
5d2d5852aa9fb36d5c9f15cdae03fae4df35ac948450492ffb236fc20f4f8922

SHA512
30b75e589ec2b5e2dd888aaf6533b8f576af6582a38e39f7ccd8a18214f25ed56b34b572e3a0384396f52523bdc210d82708f2b429fbf921878c30aaab03b5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
158d1f987094e0fed9f354ca41d73e18

SHA1
c5d54609c120fa9a952d1cf3d66663690460e587

SHA256
5a7a8dae60650f44a3f90f1d9ea7d0601beec23cd50134cb5d2108ef6127f9e1

SHA512
d11e2af3eabcccc1d75c6e80d7a0ee8bfcb771431be573462d157f06ddbb98320868925712745765a5c89ac3c307dd7bfe53af0d7211972950fa4a42a53ae6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
2b7da9460a2a3798d2fba34bc4383aea

SHA1
b899d07b8e4511822fe31311e79ea19abd7b7d1e

SHA256
6540a0027eaca52cc42c8a0d41478e25c6e4f10daffcfa1649776f7bfe88528e

SHA512
52572c5758b31d232109849ddc1f8e566778cd7409a902222d66d7aaa48131943a96ad5c0ef796d4457577c9f7448ad5878c3a0ce198ac549d58269648144451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e1cf7d7b0dfe557a35d9f669c40f86ca

SHA1
925dd1e6c2d3306f05874f8d7c33aabe4d9755e5

SHA256
4ef794b0f0ccae841a6d48ab87b9e5b83480b91e4aa26cb6b9f0d7a492290a69

SHA512
263262cc2d9d2d343648bc709d68a443367d334b6735ceafca34c4209b2793a86fe1e69ab0a7bc771c6080d805d25d31a318c780cbeb3e60dda4678bd7da275c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f1fe3170ee9b4cc41a4c5ec5070a92de

SHA1
03b6dc949eb16a6ed8de5e634c8d22ee8f74a0cb

SHA256
622337e1b6323f0d8556371c18d024065fff1466085be04019ac85efb5676fa0

SHA512
b5640b06519ac468fa9c59f3488d62dd6fecf0e06555e9bdf2670b4d2ca2c7d205a3bfdc1124364974911acfe718747766e2af51572fda0ab92a13cdd7ba654a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
7eb5d9bf098d1b102392c4e06bc9dbc9

SHA1
6dc7f4bf320f9b67744eb9975f3b52039fa2b1c4

SHA256
41230b15b7f3bf33f9b077d8d3d47e6fb40610eb60210c1f9151c965e56d9b38

SHA512
c63456843f81394d2dc3713c60661dfaa6400da00bd2c961875ceea46b43be0df363d4559c1a4a9ca2ddd9479521eed6eb7bccc859e25cd26f5804dadd579b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
4cbf901bd9e4540a992015a47c6457d4

SHA1
4067d53dca5b23c11cd828df454cca7a8b1fc766

SHA256
95997c917aa2c3f7ceee8a7f4c374d42c4f7487bc533abd6471f3b57736d3f39

SHA512
8c363a8070ac92262fe71fe91a2a6d03b12fce8f08ece87a4c10b2bd607af9f69762224f15e8d362bb374b716f8ba48d1fd04918598356555b342e27abc69a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586126.TMP

Filesize
91KB

MD5
f38bea6ba1d8a1be0423b7286bb84ff3

SHA1
5b6c8ea8fb2550eec6b39fec0c31e5f1060e823f

SHA256
fba0949ca05ddfebaad7cbabd3907f759391af1025ebbeadba850013910105ce

SHA512
419bc3ce32ccc84989f8d8efa734aca3e829e4cd4358694bcae07d4cdac338df173348a2946249debf21b4f3f6202a9998eb1c7f3557a1202b959ca4efc71449

Download Submit