hxxps://link[.]mail[.]beehiiv[.]com/ls/click?upn=u001[.]qG9brBN5O2Pk0nU-2BJtcndO2a8QaklzBEwuOETKg55e86hN6vywyZv412LRE0NHt70hLbtsl7Kc98ezHILa9vet1mv410YwGusHmF7AS4SQT76tOdYGdSZ30qfX1DjfHPdUtPHyeH5w9Kp48CpXfjVtUK-2Bi96g0NvuW7sbEaT7kDRY5eX35iSoGanLX2DBIYbDy4y_hTWdvC4M9P6H2GbX11S7KHYqbje11JUV9JmUkaLQuBfWLRVV-2FTrBh2hvJOFMF5OOcA27lGGAho-2BfoijLlzxbf-2FHeB0Rb2snPVUdINPCvjmMR37Yk3nBEVocBufTBaXztrfbWiUY3gNAQSvRuF6-2F2D-2BDFfllwoKSJsQIps4ZVLejVUnA6P1vbuqWDA9BdE-2FZZtSppxU5qOMlJyHm8F-2BZNbKtFRTS98RVTdrS7kJK-2FTvNpqRR-2BTtEAbilQGfxDYTmYUvzKsTk9VxwWbVnd-2FtGu5vd5mc3NtqD5UA-2BJWBRHhZIWVfSprDDuK0Ho0S4dn8QZ9ZDOUSWmgLawdnYQ8YYjMMDC0zB1d9UOeet-2FPjjNaXbihEZpbAxz-2B2UY-2B1Xtm9udMF9ec7pX6qz8P-2BqXR3spu98B11guoT9WocPEGxPZHIKthFPw0yj-2FqZ0QmSCUn-2FGy

Analysis

max time kernel
44s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.mail.beehiiv.com/ls/click?upn=u001.qG9brBN5O2Pk0nU-2BJtcndO2a8QaklzBEwuOETKg55e86hN6vywyZv412LRE0NHt70hLbtsl7Kc98ezHILa9vet1mv410YwGusHmF7AS4SQT76tOdYGdSZ30qfX1DjfHPdUtPHyeH5w9Kp48CpXfjVtUK-2Bi96g0NvuW7sbEaT7kDRY5eX35iSoGanLX2DBIYbDy4y_hTWdvC4M9P6H2GbX11S7KHYqbje11JUV9JmUkaLQuBfWLRVV-2FTrBh2hvJOFMF5OOcA27lGGAho-2BfoijLlzxbf-2FHeB0Rb2snPVUdINPCvjmMR37Yk3nBEVocBufTBaXztrfbWiUY3gNAQSvRuF6-2F2D-2BDFfllwoKSJsQIps4ZVLejVUnA6P1vbuqWDA9BdE-2FZZtSppxU5qOMlJyHm8F-2BZNbKtFRTS98RVTdrS7kJK-2FTvNpqRR-2BTtEAbilQGfxDYTmYUvzKsTk9VxwWbVnd-2FtGu5vd5mc3NtqD5UA-2BJWBRHhZIWVfSprDDuK0Ho0S4dn8QZ9ZDOUSWmgLawdnYQ8YYjMMDC0zB1d9UOeet-2FPjjNaXbihEZpbAxz-2B2UY-2B1Xtm9udMF9ec7pX6qz8P-2BqXR3spu98B11guoT9WocPEGxPZHIKthFPw0yj-2FqZ0QmSCUn-2FGy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652474029414877"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2844	1576	chrome.exe	83
PID 1576 wrote to memory of 2844	1576	chrome.exe	83
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 4408	1576	chrome.exe	84
PID 1576 wrote to memory of 2520	1576	chrome.exe	85
PID 1576 wrote to memory of 2520	1576	chrome.exe	85
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86
PID 1576 wrote to memory of 5016	1576	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.mail.beehiiv.com/ls/click?upn=u001.qG9brBN5O2Pk0nU-2BJtcndO2a8QaklzBEwuOETKg55e86hN6vywyZv412LRE0NHt70hLbtsl7Kc98ezHILa9vet1mv410YwGusHmF7AS4SQT76tOdYGdSZ30qfX1DjfHPdUtPHyeH5w9Kp48CpXfjVtUK-2Bi96g0NvuW7sbEaT7kDRY5eX35iSoGanLX2DBIYbDy4y_hTWdvC4M9P6H2GbX11S7KHYqbje11JUV9JmUkaLQuBfWLRVV-2FTrBh2hvJOFMF5OOcA27lGGAho-2BfoijLlzxbf-2FHeB0Rb2snPVUdINPCvjmMR37Yk3nBEVocBufTBaXztrfbWiUY3gNAQSvRuF6-2F2D-2BDFfllwoKSJsQIps4ZVLejVUnA6P1vbuqWDA9BdE-2FZZtSppxU5qOMlJyHm8F-2BZNbKtFRTS98RVTdrS7kJK-2FTvNpqRR-2BTtEAbilQGfxDYTmYUvzKsTk9VxwWbVnd-2FtGu5vd5mc3NtqD5UA-2BJWBRHhZIWVfSprDDuK0Ho0S4dn8QZ9ZDOUSWmgLawdnYQ8YYjMMDC0zB1d9UOeet-2FPjjNaXbihEZpbAxz-2B2UY-2B1Xtm9udMF9ec7pX6qz8P-2BqXR3spu98B11guoT9WocPEGxPZHIKthFPw0yj-2FqZ0QmSCUn-2FGy
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcc9c3cc40,0x7ffcc9c3cc4c,0x7ffcc9c3cc58
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4640,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4528,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4624,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3152,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3224,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5048,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4864,i,7347052447141753050,2719635587436376974,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2508

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
017db4186b316de9c9d38f754f0d4901

SHA1
c81c260fb54a1ebfe1f1e42de35e96b123f45f8f

SHA256
fde132432b25102e4c3686d90bc534cd9904246a825835c49b6452a0d2cbe0f0

SHA512
a4b6de3c71e6209fb77c6db44679d5e8cda218c614c040236d2eb17c5af1bba09f705dd989dc5b4b66b42e467769aa30005381474c6c0e20ea54beecd17336cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5e179eb178a1180b36ca302e58ab3f2a

SHA1
0f68a90a1df9bdc1c7163122db1e5807f176425f

SHA256
75732f0791af5aa4087ad711fbdc288823c6ae2eb89dbc8a8e83de2d675176ea

SHA512
3b64adc1e9ef1fe2ac6a8766f0bd472d1bf43a617cdf514f96dbda334804522a4f8148ea9a6b1099802fecaff23d2d786e9f66c13b4a387c7a083aa469bbaa76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5e39e09d17213b732de5b684b20cae60

SHA1
7dadc4d7d15de9cc94f8e6dfd5fb9ca9fac0ea7e

SHA256
88d84431480328e5fd1016e74e792976f9c232b5e6032cad906f97b9cd81de2e

SHA512
ecb72b363a7eb088ef06a6a3c74c426a2313f61b75be4103050d31ed225a52dafb652770488bbc9904baf6a0501dd873f71db4c00bd5efe176a0c83bd3896dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15f632a9fe15ef19e7500797c1a32aca

SHA1
e26c2310b4b6c75bd07aabcd5db8c48a71227e87

SHA256
394829f0bc302fc50def7dbf46e7406752fc0f7afc73732a83ae47a2bccd3c3b

SHA512
86b45d9f6c4d6e02b66f2f74b6c3fe9a844b46dd347dfdb7c8253b340dffebfc0eba1ee2339c66ebf45bb4ca8b15bebee78e035a7cfa8f0cb656fb544098ca80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
0ffac2206ec3062faa7b3d4e7e79bded

SHA1
80ad6b6ee726736666ab7c6dcf534eeb11e7dfd3

SHA256
3155c0ae4578a3e81e8e1637953eda62eb1f562374342be4dfd99a464511cd06

SHA512
8d411bf06c87935333ddc31c6739c59752d7866892fe8ade6a85e48a0d0cb96ba1fa48fe3a5a40f1850946230407075ce484b3cbb5fab1a4dd9452928bddaa91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
613bb375acbea225ee1860ef60f34a76

SHA1
c40fb79e0ec266db1604f8630c011dc6ee772145

SHA256
5b08c65c4ed1056cfa579a68c74aa81737e52829715ada92552a0790acf0ccad

SHA512
e475163d207fd0f2cb0816dc733f593ca4af86f1ab3e82102320e435ce2c6b9ae7cfae64e0bbe5a02e458a25c4577734a2cdb1230505345c6eb0f0d482912996

Download Submit