hxxps://myoxfordcorp[.]com/psp/OGR/?cmd=login&site=usa&User=phennell@northwell[.]edu

Analysis

max time kernel
138s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2023 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://myoxfordcorp.com/psp/OGR/?cmd=login&site=usa&[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445381763290448"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 4932	2296	chrome.exe	35
PID 2296 wrote to memory of 4932	2296	chrome.exe	35
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1400	2296	chrome.exe	92
PID 2296 wrote to memory of 1404	2296	chrome.exe	93
PID 2296 wrote to memory of 1404	2296	chrome.exe	93
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94
PID 2296 wrote to memory of 1944	2296	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://myoxfordcorp.com/psp/OGR/?cmd=login&site=usa&[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed78a9758,0x7ffed78a9768,0x7ffed78a9778
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3764 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5076 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4860 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6136 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=880 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5424 --field-trial-handle=1864,i,2035767565752071610,7932398381335090668,131072 /prefetch:1
  2⤵
  PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed78a9758,0x7ffed78a9768,0x7ffed78a9778
  2⤵
  PID:4876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3a9b8b2e-b1b1-4f81-81ff-4d4c1cb77ead.tmp

Filesize
103KB

MD5
59965d3dc0072a06670b47689166f59e

SHA1
d106241ad1c1eab39b88cbc5d9775dc60a39efc4

SHA256
90fa1628749c69861eff9e2724a916c633bd7a43e6db052729151f12e0a3f9f4

SHA512
85f90ab37a7e9b755154e209036a92bd702a6a833179e258427b8f5aa810e2bde86977d122ef5dbd41eaa64fc71522f3108805460f72a88d2ed04fdb6ba9ff68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7accc65a616f1e84aef19c211dd13950

SHA1
81046e66fbd29e4176ce4f816e9e8730f84b5847

SHA256
f444b4ede4cf0be27c8912b34cfb115237b892725a9d4fced3347141de251bb5

SHA512
812467797d8870d02c26578fa0ea2dbfd0da81ddd8a9999bc4fc7abbaee34aca89936c443f74f8e62200ca1c8ff2386421ea449f2b35895843d9134b4d6a6c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7accc65a616f1e84aef19c211dd13950

SHA1
81046e66fbd29e4176ce4f816e9e8730f84b5847

SHA256
f444b4ede4cf0be27c8912b34cfb115237b892725a9d4fced3347141de251bb5

SHA512
812467797d8870d02c26578fa0ea2dbfd0da81ddd8a9999bc4fc7abbaee34aca89936c443f74f8e62200ca1c8ff2386421ea449f2b35895843d9134b4d6a6c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7accc65a616f1e84aef19c211dd13950

SHA1
81046e66fbd29e4176ce4f816e9e8730f84b5847

SHA256
f444b4ede4cf0be27c8912b34cfb115237b892725a9d4fced3347141de251bb5

SHA512
812467797d8870d02c26578fa0ea2dbfd0da81ddd8a9999bc4fc7abbaee34aca89936c443f74f8e62200ca1c8ff2386421ea449f2b35895843d9134b4d6a6c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
87KB

MD5
dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1
c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

SHA512
6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e2608469ee85b0bba464f54d4c0e9fe4

SHA1
1c403fa4f94d9cc2346e7ab5390a4bda66b57d53

SHA256
23dc6aa22d4e631d948f933fa92108b7b5384cf65252c8b1f692d7639104a665

SHA512
a569e01102c7c0ad745bc14b54d5813b951459d443da43e739e405f4adde6514435df4cf4ed4672ef5402c652b91bf3463ddce54719ecfe1003dd9173115192a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
229bd74784389532c04e0bbeaa8f7a4c

SHA1
2054ee4a296c6a5dc8cfdb1851e7c204dab95368

SHA256
7485159b66ce091a7ab35af12d434b5db52a584ec8c6bc527a2f78b28cfe80d3

SHA512
4a80a1a6dcfd342ba448ce09ce6a7c6369f4aff01f4e3b6879c5c767f82ba650e213b60926814e291484832084f8fae864a58a2c72b681c2b9830258b566b4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
820c45e730c0e79e436ff5d95ec52d54

SHA1
a01fbde43149fda782b32754c4ca07c2e47594b6

SHA256
ec3e52c8eee9d571f1efab4ed33fec59df8a00ced42ca87a0d31ee9b83e08b4b

SHA512
07f0c5e76b71ccf44c1e05f62de944f4d5567ee6adaa6b4f473ce990fd96aa7f5eea125a6d4279c34af0ec82a3f64eacd5b1c124d422d93df6291404344fe1d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
012d102de970978c2835705cf9a176bc

SHA1
8d11e98f7ebf853dccadfad6b4645c9e3d9f3374

SHA256
75acc7744030614c35b485e9694162b082ec7fbdd1d3036d090dde50ae8ed296

SHA512
b89b613f1cd44785455a3efe40540b69a46556d47725406ff75ea9b84edcbbacddb727767f146b0dd5f68ba4c8c4db0d0b7f9f8bf181a6e4ebea12c12619b87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
10322ecde3f5e369d841f31f3888fb49

SHA1
646532b54f2c24f6f8ef544cbb30aa4c189fd38c

SHA256
b2d97720300fc089db2e80dd7992e83ffefcaf600bbcf9c701287b4f0aa0d401

SHA512
b5a3f627e86adcf67dd0e8b57edfbb780d5ca34e0cd159fa1c0e7b3de89206bfc42903915a183166e68f1f926e2b95ab5fff97a0fb254ad727a0b1c62eed8d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e0ab22e4d4fb41b959aa0c23fafc40d6

SHA1
255986d078375e8cd3406f0209236bdeb38e1a9d

SHA256
7b875448c94992f35753c58063fc60c3ac59e44c29a5f000c2c7d87d2be398fa

SHA512
2fb6b62ba3baa285669b8bc7d49c89ea078a429fb0df3b22d547118c096d8165d430a4bf8513033ca579f00d99e7a0cbaa8b2cd6ffe2d3799906301c4fbb0326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b66a81b520c5e6ddf445519098f46d8c

SHA1
49e27097c6ea28afb59980a55676c34f376e645d

SHA256
97eaf070b3f29a95a7d14f94fc5ef4da17c968153782fbe32c2144161ab54d4e

SHA512
3f3fe90f7c42e34ac1fc92a5b2ff9ce25212c145a00a484c8dfd7910ad1926e661ca2db4f26f73c6853e36de8417bb42f29777697af3ad072938e8a318b5a896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1cb792394ec4c912f71633bc79cfedfd

SHA1
b37c74b5b4276d3415054d6af807bd6540cd33e0

SHA256
8b6187fbb091790145d3a0343972bf0455891dbc82033c39805eaded5196aec9

SHA512
09ea496fb4f3073ccf90f6c09f8aee4fbf608949066c9f2926b5fa1c2dd19f4a7961ebaa35943812ab9bb6547ca39a8e6e83f0668271c32db1086eae69724ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
423bca3dfdb8bb63266b9923fd758410

SHA1
4fd1e78724807908da6ba6a338aee0258eaf1a93

SHA256
c52d7f2fa47b099ec55bf2ab157268b739d7a123c54d4f3a7052e552f8d81ddd

SHA512
8ef55e9f4748f242b39a6430b347abdd7d371509f61ec0fd53594288ed266b40a5f3925d83026fc85f246d3d845dffd4fce43996a6cd156aec9d06ba844a75e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e330ae692b8c69efd36fafa74d3a6b71

SHA1
692b2b0d1dec000780a7235bc91a7d5ea1db1b01

SHA256
7bb0226b371e1103f1c685d30295f84a672a7d0011d17a790c16a8b5e3924f04

SHA512
a09c33c86da3aac779da6ebf5dc4f6f4669c595e9c3f0fd33b98d12f143790f64310e01365455abff90c5170d7ab28b2286d43f8190a6ea73165f9e1dd9d7f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
585f37e7b2ca01e9aecf977a23189e5d

SHA1
9c72d837537cbbf1564a8f972ca2a81ebf794c52

SHA256
917d03e1a75963c5864a6ddfb7bdcd6ee4bc719e68e9c6d8314d51ebdabe1468

SHA512
cdd0ed4186d83feaffc1b894b8ffd8ba6f7d7c93fd7c8697b043e21e6f0a6693202df12c225468352c45c8e4666bbadbd90276eab894ae669bf9b533f70d9160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
074f71a1f83eb4dac4fa93fed56ef509

SHA1
7de0761fe2cc9116984d089de71fb6dcee464aa2

SHA256
02d1ef2b7e9e9c4e82d725d7d7af140711413d517aeeb65dec9dd15e1f8fe9f7

SHA512
cfd06463912a89e7cedb02637ef558c6b8d74ea2285ab5aca2c685bfce6fa93395c9de2151285718ce11e064861343bed236878d9116b5a36b7259c579046e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59966a.TMP

Filesize
101KB

MD5
f64b09e3c89fd8a280066f9f9b0f5902

SHA1
04f8c239ed55c3a0390c50dc5eb2cbcaf8e858d4

SHA256
3541d6a2dfe3c9ed24dcb0a96f017d933d23b6aa0eb9e1fd15c0deafdf79f094

SHA512
0036d0d9d41ef91b9716c7f9eec8075d0a988d9be02df9e76d2c5c25613b19c1eb2a9b0af19db7d254d26107acabbe711cd8b14ede139fef097b710d3e53e6db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit