hxxps://url[.]au[.]m[.]mimecastprotect[.]com/s/lsVYCk81XmCn5gwvu2D7YS?domain=u42782291[.]ct[.]sendgrid[.]net

Analysis

max time kernel
150s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
12-03-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.au.m.mimecastprotect.com/s/lsVYCk81XmCn5gwvu2D7YS?domain=u42782291.ct.sendgrid.net

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546797099295601"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 956	4236	chrome.exe	81
PID 4236 wrote to memory of 956	4236	chrome.exe	81
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 3868	4236	chrome.exe	84
PID 4236 wrote to memory of 2144	4236	chrome.exe	85
PID 4236 wrote to memory of 2144	4236	chrome.exe	85
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86
PID 4236 wrote to memory of 4060	4236	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.au.m.mimecastprotect.com/s/lsVYCk81XmCn5gwvu2D7YS?domain=u42782291.ct.sendgrid.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae2609758,0x7ffae2609768,0x7ffae2609778
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:2
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1776 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4508 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5244 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5472 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5628 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1828 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6124 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3396 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5824 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4596 --field-trial-handle=1856,i,1005555939497786523,8863160486689683375,131072 /prefetch:1
  2⤵
  PID:3672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
27KB

MD5
032f97d15e951ecf1df389b8569d61ba

SHA1
3a3846c7f1bd8c39696a7688ff47c141a4899768

SHA256
03501b91ac299d943644c0efd601328bc25e9f4814cf7d7e9086f6f20f75bbac

SHA512
1979cc0b094a1a0f25e61b9f12a0d5baec8155d99990953762dc5c6f2cd308d8a0ae903c9f2b532fd5f3156176493fff968c10c712690fa25325ff74dd17bcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
d18d76e83331ba3fca746df44fde3d5e

SHA1
80856bf826ecca49ea379cfd8a71c4699c8b81a8

SHA256
c98ac9605f45bd3be9bb2f7845bb9b59bd820476be6ba38ccc53b5c09ae44a50

SHA512
e061a43cb556284a49cfb2fa5cda3f69c3f921084b28e7a5a02add9c8137b264a0f582a49fb58b20536585e9cb8b5cbe617d8ac1e550f006677ad5b120a82aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
b1357efcf132ef4e0249a857e617e160

SHA1
8f9739d2fac436ce4ea58fe8e54395645ca06387

SHA256
f5481a67587c09642947de521c804f0215f4885c84c97e4c1a08c39f65336477

SHA512
b7a65b6103e707c0e5cea436f171d19e4b2760abe94d8eb00a42fd30b52cebd4f42b71fc14d6c36a11a9976f1ed524abfcc8426f5504589d1165c358faec7c57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
59bbedbf20a806332d9243e09674160f

SHA1
c53dfea545c7bf7af4c43999778c1fbfe2fa3345

SHA256
a36cbf87dc878cacb9c79da017fb9ff033bce5cffd3d474fdff0a762b5845371

SHA512
1e67393c5ca39411faa9d30f16537f22049f2d71536be80f202a2a9928b762e0615c02cfd48a170de682161ecee11f9c4c2b7ec788b6bf19811059ded9096ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bee1dd949d6c077155522ccb3460a005

SHA1
25e719b8e05923febe3b284e6fe9cd079c93f1cc

SHA256
06374a78eadea8fac9b90e270cb644f90b1f7f377f2ef9973f7dfb8fae146e7a

SHA512
9d5507662f1b5036c3110f57b78bdb7d68fb7dd4c339fce3dc8ce207564016e9284c796940087b083ff42485b7265e0010b834c01eb3d0b7cd0f5c154ec3d369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4d2a6dbf4ef99692252bbf30e82605b3

SHA1
cc881f82c6fa5756c4e1e8e7615799076f165780

SHA256
a801fb84cad7bc18d49bb1da80ecff7020f19a6a40400602cfb646bf8b4010fc

SHA512
f0e140a16850366f57689e59a0608f4aea307a2b59bd8c3507ffc30ce37f9ad2dae2a5685f89c198d463daa7761d28caf182f69cd7e999d263e851b326996fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8221cad448a9e90f2277fb1b20ec3b4d

SHA1
abe9ccb3d140f0636c2520b27f7ebd7ba3fd1ee2

SHA256
d946b6804a2585bfea5e644dd03c958dabf3c0fee1432d6b2d4c6a51bb3f657c

SHA512
cb55dff70662a2e06d8ddf3f0c3400b0deb0d2e6745254af587d63b6cb3ed46fccb42c748ff0b6ad30eddb8adab0ed8dce8989de635e335eb6049732ba458633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9031967f40c4d82e8a5430eee4aa15ea

SHA1
bf9cc1ba5ece8a5a1ad09e32ef82db0ff7c777a2

SHA256
521af3cc6f77dd071eed8fea97e5b82540abee9f38038876ca47754136c2c15e

SHA512
0a0c64aad1a66b65f7f77c93ec590d524b3ede9a51c1167523510a8ff0f9831e9166d9dd97e60a48df8df88641f7502f52f6f022a81b2057a93fb40307534d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
90ece38115167d6b42f1474d4ba8aa4a

SHA1
867a4c1346e068f896ebf91ab657ee8817aa6da9

SHA256
20439d55b44222bb58ce3f309cafb10bd3f3610c84f21d8fcb16439981ac0dc0

SHA512
48a16687152e236a4fb2abd33fd3848b440408f33a4f403ac9b3789b860bf3208741ccc54938ea95d039c92ae4daa912c3c2a0520a9ed4af76849534b6a2080c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
780a4c3bb96487c146f753c7ff9af650

SHA1
35f39312345e6ae3a64ad4236b92ab1a171f1ebb

SHA256
182a3c5023cbe24783e7f51848b5d363d37bcdd772c7ba6863fea200b64e1960

SHA512
7be107891c3eb2aa8c881d1c47509b0d07231621e53b1ad9ea5d68af48c14325910d01acbacbbe632d10c642d6a6a516e43a846265f258da4dcbe9cfb05e3864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
3785cfaa62608faa920e066ece00b95e

SHA1
5b74390d7ccfdc62891cc0bc236fff49843b6dcf

SHA256
5055c8754b2156007ca035dd476ddfef094f5052825c8eb576fe1fb901a0ec70

SHA512
84e1910b01d1b374c7b0dc2c5226d9af98d9c7d03f9930a4d4ddb10b3570c602a160a1711930adfe4cd63348810bc40e1c0c681efe3238258f03515a3d60d175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
95069e5fa4873f178d1ae88b0c642221

SHA1
6722ca789b15bbaba20f702b33a0c12f0fff5337

SHA256
277656f54162fb38034254960c3cf9f663be1ce05025da02a169e5b6d00d21bd

SHA512
b2ebb5d5e1efdcb1c0610f9b3af30caa4ecef26e1e9777c6d51ab5e97d69cd0b150a6fde1bf82a4d8e0a36992c5741e64eca5c83dafb87eb4cdf0dcc40b2db15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
075801615bc074ae04386d8bdc339235

SHA1
273ee3f348d99213a18f04e3b48facdf5f2eae6c

SHA256
64a6f64a531c83f519cdd00fa386792aea618a613ebb6b6bb4f3bd76aaa1e164

SHA512
1c8e3057bcef48363dccd801f45779006032d8c976a182592aaa84501c1f6f510799f06db0d709c3e6f87263b55c28a0f89c80f73eac7918aef92c2cb0e4042f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
31c0230ff60d1aa5758f9da56265fbc9

SHA1
4d003c36ed3427dde9fe535cd8fed2aa7e2f7311

SHA256
964e92bb9c1198b3db5a986875a0c7cb4340e2f17e2980c0f7ed60be9e6790ba

SHA512
cd0e70dc0e0fd82b6b7201149c7d98307dd3b0165f0e0750d5e71f636ce3d89a73450a3be7983c5c5b4f6b6d02ba16748946622660d3a1a1b236bb80f17f5dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e71d4114ef743073cc822d3727201ed

SHA1
d6bf1202b438a3fedb75763010c7c56b08e1a597

SHA256
7ee9db654e1fdcee115a06beff04fab31c2be2afdfdeb69dbcc2c040cf180fe5

SHA512
08602f7324141afef57b1dad616efa95a9ec06f46561d50cf5de8d39a2a023123a58ee2847ac9d83febc022e76ce1cf759710b1859986b1d63be4fc96aea3a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2e6822b3a81279b7ef6c96ea2a16873

SHA1
83fb5c122548f5fbb3e1404056eb78fbeab8386e

SHA256
a59a6e4e16e1fc6cb59bc92720783dcf4683bd8623ff6a77cea745604697e80e

SHA512
fd28f1de4b736f85a2085cf8f61bb7f7feb193824a6b31adbfa71397bbaa148217a1e413fa088622a69b00c613179d936ed6be7a0a37195eed84349666c9a223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
09bece5b6c8dfdc949bb38c66ad90a28

SHA1
9b5b0c3f29300583f5b50cfdc19bc0e165201675

SHA256
1e75331012d8c9b6d05e9ac3e7de4bb927351806cd51810fd200afb8c5e26073

SHA512
9a044e8c115b8eb7e10a37ffafd126daff1fd7b3636a1cde144fec74852692b9a6d3f8898973a20084f6403fb0dc3055116b41dffd4ef2bd8976010da6fe3f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
142d7b32c225f2b11126ed78183c5a46

SHA1
f34257797911bdd6974971a12bbf57f3d6d6ab9d

SHA256
81e87a721eaf4beb38fe60f3cdd7fc19fa8002da0bcd4f1c3e00240238aaeff1

SHA512
6eba96eb881ff0dde2b38b765bcb1c1273df6351097e9d934efbd8e5c774706bd67ad3246ca7cb4c86b84be9f58dd3d1f1548cf60d4f133a68533e44c9b2de65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
267d7c2a391ed4ede0e11fbedb683225

SHA1
28124d2fd8dc7e7184e0a987d7dc405653fa6149

SHA256
696e07cfeb2ca640348783c9e5f7b90036a7f2ebbbe1251a376c9ca4c21beda2

SHA512
0668973bfda6b461980c9ba9e1d85daaab0a013030ee1fad4493f4ca552b6f0f6668fec99b33af8dfd43f0921bbd0b1182036e3d2485aadfba74a272c6d93297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
54dc24f6f8f56c8b0170172caff39a52

SHA1
8204cbe8ef32a797d4bc222971eae2e43ef48c20

SHA256
fd1d90651874170087e95ddd628649ebbf1dc750a3a2681d5f67ab651bd68a98

SHA512
00f28f17beed65508c42e38d12104f866bf68ca8cc6e7156f34ad4f722c0db1c1f08f251d787c067b1fb01a3588f892f422502e75d0460d8299b0882670cd006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
f8dd817aaf2171c57f27c3bbef9e9663

SHA1
74615690c1962306130ad61aa7997535d7b56d11

SHA256
c4e1ad6c7e70a94179495a65f1e969a1856eed28e7490dcc5434f81094a20496

SHA512
b5d74133d5d1d4cfc0ae3370865d9cd49ad51026e880001a89ca51c5ec04cf62cb821799e9c4e2e7d39057c968c0c0279aa3d2a8c185cc827e4a58c910cae7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
a89369c8dbb780f483e8a73a74880404

SHA1
70a4f2b6aa5539d3195457aea2194df4e311dc17

SHA256
a979fc09ad7c63c964ec7fbcdac7d242ff6f5dfca85ff35e7d5904b1533a00e0

SHA512
a781ff7d18831b2ced2da5544aecfe66357b984e1390d2e7fec7a4866be1b81fb3f7f27faa499aaf004ac98d2764a1bf290e6c37876f26d319f181c01eb64a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
dd3f6702e9d44fa1ea5def75d80b3a54

SHA1
8383e3399a03bf382cc7a7d55e4de63ddc8fc3dc

SHA256
db43d64f4d424a1ba014d9a6f027008855c8e540bd3235fe7465eb5ca04d593c

SHA512
6d9089231efe6b5957e59010f55ae1c7639bceaae59256f49dcfcfdd6853d779c5f91a691cde5225102c8c124b4bb90c8ffa7483801c2081304fa54a651b9c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
24fd22dd60628683cda5d0b851556923

SHA1
9303580cc0e2dff4e2f73ff0b569cdca2f8bf299

SHA256
dfe9a00b6baa0e046f66cb04a5364c48e83b2f64464414bf41ec4bf36ed432b6

SHA512
fadf224e3342f6209e0c715b6b0530cff3b22ae65c19f2b30440ca5e8e15d957992025618b3fcfbe775d8d2f36f5f8f83e725c65b1c174be1d7365a6e41e7ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
a3572646afe962365a4d33c8f12871ff

SHA1
39530c0ae84e76f9d75267a0e865b6a58e89491e

SHA256
b4f91e758099fd201c3b259e66b37813ce39fb8b32ede12a4951e3399bd89fc5

SHA512
b1de6807be55e192dad4bedacf73a244b0c2d057a9d8910f90e91c683aacec2a8327b5f956aa7b429114b45bc44a82a2449a806f6dd2529340c4b72f8ae44de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
b613c332db88d644d8a665bebd01ad7e

SHA1
f6567a62b50c967d0567c0db9d9f93822f711150

SHA256
f774d2843ee7ac49a4aee532ec2c1227889d6f6c704ef9f9087f1e35947776f2

SHA512
5e2af8481c48b31ecd7fe182ef15529c1ec41c4d5127cf6e0d8d198cf55b7ec2bd102db5c678d05386e76becce4030634a426b5cd615924a268e5971ee0dae6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
f7a267e037956c876a7ddc7f986656a3

SHA1
187d508b71d7cbb6a06b6f65bf9132625145f8d2

SHA256
2fe7cfb4f25d09145120f89abe41c0f90a2f0a5c0ed30bcbc4957364c5582264

SHA512
f2a0469ab71537338e03d1f2b7b5516cd00373a142d40746e49272a867afad534fa3a84aa4ec75a1c78a62a93a392106c9a0287dc57c6d7e9047937dadb04b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit