hxxp://links[.]engage[.]ticketmaster[.]com/ctt?m=9313380&r=NDIyNzAzODQ4NDU3S0&b=0&j=MTcwMDUyODA4OAS2&k=Link-0&kx=1&kt=1&kd=hxxp://7t-jpjjk[.]reincostrategic[.]com/y3dYaG/Y29tcGxpYW5jZS5jbHhAcmxqb25lcy5jb20=

Analysis

max time kernel
111s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://links.engage.ticketmaster.com/ctt?m=9313380&r=NDIyNzAzODQ4NDU3S0&b=0&j=MTcwMDUyODA4OAS2&k=Link-0&kx=1&kt=1&kd=http://7t-jpjjk.reincostrategic.com/y3dYaG/Y29tcGxpYW5jZS5jbHhAcmxqb25lcy5jb20=

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244401808661272"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 3108	1504	chrome.exe	83
PID 1504 wrote to memory of 3108	1504	chrome.exe	83
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 648	1504	chrome.exe	84
PID 1504 wrote to memory of 1436	1504	chrome.exe	85
PID 1504 wrote to memory of 1436	1504	chrome.exe	85
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86
PID 1504 wrote to memory of 2884	1504	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://links.engage.ticketmaster.com/ctt?m=9313380&r=NDIyNzAzODQ4NDU3S0&b=0&j=MTcwMDUyODA4OAS2&k=Link-0&kx=1&kt=1&kd=http://7t-jpjjk.reincostrategic.com/y3dYaG/Y29tcGxpYW5jZS5jbHhAcmxqb25lcy5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa25c89758,0x7ffa25c89768,0x7ffa25c89778
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:2
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3428 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2988 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4624 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5380 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4408 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4744 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4740 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5100 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5480 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4760 --field-trial-handle=1660,i,15343713519416395105,255343947463151890,131072 /prefetch:1
  2⤵
  PID:4668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
461df6ce4d13074e55b96e5b6f3d901d

SHA1
2bafe21852ae761c45202c0bae8d5b543fd9d5a6

SHA256
f82e4cc6da04e83a3ecacd372c46b58de3b45971266e1cbefaf5607cd3ab8cd5

SHA512
e2cdef9a3980dc43498abfbd733e0231bb69ff3e2ef6540f91ce874b1f041689d57fb253f56b2a49602143a530587f494f935df88695128f392e7684ea4ea43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d207802510117c266df74190cdd35608

SHA1
dfe5e87abd466ca4e1cae7d6bd1a6221de5516a6

SHA256
6309b213e6a0f3ec85c92acc97973ef0a894e16e5fcc4ad2a1f0087ecd08b85d

SHA512
11e7fc689c84494a7766e575903b127019d1c6507b9179a2957a807ee58e1c5bc5921e4c1be0ecf56c8364d9b5041ee0b799a9f8abe8b68768acd43b9b33199b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8885244e-c5be-469e-b150-84a264e55d2a.tmp

Filesize
1KB

MD5
41371c65fe67b54ecf7b0f30f5855a6e

SHA1
c4ddff45477a39682c6121dddd37a215d9523e29

SHA256
de97d96d211d789d2e40efdd48ddd5495dc3e9281a413c3b1e2ef65c9c6785de

SHA512
13e7a096f3afaf004ea509b645b5c6acc055760193d2a694ad2598737bc292c9dedcf455b8dcef6c8b0a6c98dcc18386e28fcc87dd7a9d6ab5892797f9776d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
986480fe7f900c9a8f0cf32e310e953a

SHA1
7d70474aa0072f4000592c8d695c77147f339016

SHA256
5fde3d561ac65dd3406bb3f190b9fd234b8ee83075aa2cfde0006cfa223eae30

SHA512
89b3140b68590868b9c01ffdf61611abee08dadbf85a04dd6d9dd016eeba1b58588ec03f4733dd71615a060453c7d2799bab916f9f896ce5d852be32f187eb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d0858b8e98edb106e2121983f817099

SHA1
6a9859825d82f079ed105b8b9044c1879779cfa2

SHA256
034969e5d1b35776b0641ebe6fcfcf098776615ff82b15c4cb0cb7980657c897

SHA512
5701773983df9d0c963cb64d2ce8d4cd7f6496de111fa711fb61c8a33de1ef4fa649f32354e021150965f8754ceef0adfe807bf2a6ba4264743e41bb1f058e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
172e7f39fc3d05268705d0fdf2449a0f

SHA1
ff413c3bdb437427aec61e6d2982c40d4c57b9de

SHA256
d0499d4d995607c78877bb4c8830070fc61c754f4da39e3a5ab5a67602c92947

SHA512
173f57477a11b04b27fd7984de3fb49ef6cbbd318032bbc3d79471a61a89fa3bc91045a4dbe3c9e836bac6737e67114d0b525ce891178e0ec53c269939ed3252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
2c4c5445d04ebb913ffebe31ed05e090

SHA1
f0e5171e8d3344811d4bb56b3629ba85522f7e37

SHA256
a1e9d43277267caadaaeb09796c7fcb708f9b3ac557095821a152b9a230294aa

SHA512
725c897eec9cdcd938e53de58118837b01efe780dfe430de428acf8978934b7debd37a7335aa204f73901eba68181f2f77dd77e96bd386314e99a661312f9566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a750e53da1de5726e8cb974272de38bb

SHA1
06df6cf7bbf41e11ed3af0e65cc72ec66c08a073

SHA256
2fd2ede66e14d9db2abd02fcc1a38cc27354afab1deffeb4d3083f84586dd3fe

SHA512
ea890b51ecfcba768f488ef013f3fd804ce6cfbcd3f7ed4fb36a17569f073f888855533b7fa8452b08c6d112dbc87ff37dd5e358b9a04b9191854b861bbb4e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
726a4f8630ab76dfcc915e0800243656

SHA1
9d394a3d30da822c6123793e93caa4c4f6283b35

SHA256
3aae2eeefb2a81c1fa99b4e93b68a8125b03b2d29ea7acdbf5fb90dc9334b606

SHA512
0721b8ba56d219e6c37f35027b721b5aa64713cc8823de9021a46a935177405ef691ea321330e2fe9b6934c6f5168578bd321d28064a7efc70ee8e828aca0021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
04d7f79be0e98a1c67a0de4ef2ef1012

SHA1
295d8ef9a6c5a56b363e51b6e503b9b4604c9f0e

SHA256
499bb8c916b6373f0b81234218dfc61ffb4596e8f7d864bb40a79208bb2379da

SHA512
3b415421229f64e8de2f973c74ab847afd4a3b8efd5bee398450640b8c5c758d03eae2786cf7f5ee2336888a847da2ff37d9db5c511579e24d49d0fd0ecfd869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dd9adede2b455f333da4ad10eb32326a

SHA1
f769f31d8062f4029917b3f40026de85a8d8f17f

SHA256
a80e1fe271266e909f69aae8b7aa5d6e97f05bfcfb6c166d6c896d60d0cc9792

SHA512
0b09d7327060e3138417e162d0297a12f690c477e85f0a185237c5c6b21e526ce3f1be5813c61a3d9b4c4ae27d2be0f65931e5e7d579e8cf666019360ea78124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d83a5fc2ad71ce13706e1aba5801f99c

SHA1
8f6c7da086b5cd0b4c353f516b76c3180f6dbc64

SHA256
a24c67f8c22105df6168be9066fb710f1b938512f235e9a95f30d92dee57d593

SHA512
375518d667b720b452dad112afb7b5aef3a93ba23b7c0b6998aaffbedd098d5458d0809a6f954e6fee2024a224e2503477677540781fffdb310a799e76ba2995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
2e0120febfd4cf68d523f58cbf45121b

SHA1
c39b7998980eb7bbbcaf80b0df4a9e2ac7a86a32

SHA256
9dc9e7e690657f3a83842d9a9218336d1bec805acaaaed11b3c099f48f6c2a03

SHA512
747ee9743812574fd50f0c3d16cc2a66fa68a6b6a6307a6ae746ac54470e0f75679cc222edf92e5e401aed69d1e371165f6f99c671068e4d0752bf8243886305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f1e2.TMP

Filesize
48B

MD5
464c6979f7c44b64c62a929871e0232c

SHA1
115b7690be60053a3936fdf6203a85f3cb9ff5b2

SHA256
eb9818bd50c85c27415de71f0a248a21ceb7a7f4343c71a5d4fa7d9db91edc8d

SHA512
ab2f41a0a456ab6647f10f16d2d68f104ad78d7a0ae6ab4d6695eac2030d3a0d97f750e843a7a374a31362f934b859da2e3b6f190003aaad4415124eb4519b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
5dd718e63c796fa9617f52ef68471470

SHA1
598477138989952b29d00978c2761d0f80559967

SHA256
e9e430cdb3c8c170bfcbd076bc558a25cfb90158e631c4a44a79429b27c2d887

SHA512
7326e17400cf7edf0c072bd1ac22f5701863431751eca0d60a9a7d80fbc46af4693ec22d3610524141d8a8c31ce071573c90e0549dd16867500c1a6198cc15ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
b464f5ee2ba31cadd09b3f8c71acdda0

SHA1
742fdfb5e65379ab4e0b5364b26a03f1356072b6

SHA256
8a15043d9dbabdcda6b4daed7520eba3a318f348de9cd29de9dd81c71edabce0

SHA512
a0e8db0e05ac8c8466cb68b12bebf8d77689e7e8f5109ace4c9f992ab6691a96d65b004d763d9d049809f7664577db48b8a75d7a475681f3d892acfedc10cc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56fa43.TMP

Filesize
103KB

MD5
e1f120ae162fc3abcddad5484945f6fb

SHA1
9eb7b74d006ce9cc9018c73fef581ddf4688f049

SHA256
b3e512db01578f52a2ff0e8fa33b8a5fcc3ae1ab783384685883784055f63bc8

SHA512
0e13d92b0e8c5e43c2b8ca914289c4ea7382c007e4ccf743ce5478d2b9f7f83657c7b3fd5257cad46c8489c25b5cc0fb915915716474dddee577b0bee0ee5cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit