hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/9mx_CmQ96FjAVo8hGUDBK

Resubmissions

25-06-2024 13:57

240625-q9njysxakr 5

25-06-2024 13:56

240625-q8mw2atepc 5

Analysis

max time kernel
300s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/9mx_CmQ96FjAVo8hGUDBK

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637974831367683"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

440 chrome.exe
440 chrome.exe
3624 chrome.exe
3624 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid process

440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe
440 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 440 wrote to memory of 2524	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 2524	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3392	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 372	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 372	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe
PID 440 wrote to memory of 3440	440	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/9mx_CmQ96FjAVo8hGUDBK
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf9edab58,0x7ffcf9edab68,0x7ffcf9edab78
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:2
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4900 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3312 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:3832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2392 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4920 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4376 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1544 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:8
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3464 --field-trial-handle=1832,i,13758378796722000206,7002291902859669805,131072 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4108,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
1⤵
PID:3032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
ba26fdf51e94fbf46b66376f268595f3

SHA1
8aa7b6bafa14ed7af54a2fe208ebf9273e45dd39

SHA256
99eaddf1369ae0cf2cb40a860508b8366e9cbaeac0ee575355555f58957af0be

SHA512
4eb6dfe303a59decdca9c30f07018d5e0dc15727bde4b029530adbd553f85cf63ead3e53fb4d1b26968915dfca4ffdb08762db32190017545c57c17d066a2d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
86e6a0930fed51dd39384f2cef877fd5

SHA1
428ff9dc8145ef8516d771e3b96c03fe59deb025

SHA256
05a8c5dbb9ad223373d73335da20cf2af2512fbd52b29aa1c6c4d299d06c3040

SHA512
1c12bc2b69701496284b5ba21461ef49741fcd28704bce23cd5f2980d669c6fcb305da82ddee32f70a5e4c3a4596b1ff893b72717918d7a99683be96a9dcf2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
012d7075819b145cced95f62ad0398ce

SHA1
a375c7e7cd1ab5628bae7968e0588a12e9014c0b

SHA256
6844686226891899ad449d9fe5ed3ff5ce34d455edfa5a41bd5e467792ecdcc2

SHA512
872c5f7fccbc485875946609167b952619d2173d92c10527bbd49a8d9b0fca04ce05c28fe00f55e57e5a0224afb742d217b5e6f4be4894d10180be10c8f7da88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
d8f0031e21cb9654180bc3c50e96fe2f

SHA1
e97c9748fa95aed15c052f8887c479c7afd2aae2

SHA256
fa0f40543917d5547391f825fcf6093c889adc9f20b5b948f0a8cb50282bfef1

SHA512
dc99cfca2c85a89508fa48f38c3e3fd3f39a8a09e83e4830e0db5c7c6679a0907452a9166d2087040fb55cbce762858ebf9a59c4623b64057885ac46a1f804e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3b8ab32c8962501892ea4ec4a75ec90b

SHA1
ca387944ebeb067c0d0e4d1f3317e69a0e60e7de

SHA256
107360b46064acacc8d35b2cac238b1372fd45ae8745525d410245563041237f

SHA512
2bb562707cb0b458ef91b2fa53956c847f3d0004d998a7f6356d9bf19bf2ec16e25f826176a66b45e1b16f5ec86a8bc00bef69a586602148ad8d4966404fef21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
491b36e47cbe06407ea9958f7853ad71

SHA1
f9581b1a3dc19947bbf2ed07cf6e3a3546bc5626

SHA256
90c136298060733c0fb9952b13398d8866d2b2ed73694da92b6ab108fbbe50b0

SHA512
6f8a47c5837aba413c97572952dadd0becc9816877b9c6ef59bddcaa2a745bda25798eae058d34f5d7ad4bdb28d8999b5acbad8ec118d3e39c14284628bafebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
73191e9d6c80417cfb6d0860cf56b60d

SHA1
e709bda678d2d6dd2a9306ceb8ec0610bcd23fb0

SHA256
60c8f483bc0790c8aa95d76eac86f0d763088e3ff816416065d8b7430907ef41

SHA512
bb20648f2e20f6af529ada1c9274dcfda88a3d9ec0e8c00178b5258d9fb8af3c6a29e2c8c7f617fd491adea5e32ed1178563236a6ca795236f7d74aaac80994b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1015B

MD5
1fc0e3f9263af69f9f973dddf797ccc2

SHA1
c73efdb7c55d50426086d87fb38f51eed095d71f

SHA256
faed419d9badcfc0eedda9a2c4381dc74d19fc6b2808b4194f948acbc27ca1a7

SHA512
5a54d1a3c2b318d98eec630b8d4b53484ddbc37798d0634a0d85a4121c5053313817b8b7bae9326dab77ee4c7697d914fbf673dd91010dc8344618ffd9421ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1017B

MD5
2956cd0f2d5875911fff911d90ba7df0

SHA1
cb506bde8ceffe16e00de1b25ec0fb7b3a9dab34

SHA256
8a08cdfb5b8d0c1fd9f95a12bb1612364fe164e4b3fba8c7f3f429b73c83d4ef

SHA512
63f4b98a513332e5d49f762de028d791c6f13fe54f0803c429091bfacce4e6acc9e27bb89552e173ccba4843875101aae4dd1c41351f20b95dbff44fa4806823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6b314f59e774378fa69b2e31d63fc3e1

SHA1
813673b1c5d5ac63d1248dd74c7d3734efe3220c

SHA256
088d6444f87841fbe28aad3809648c3c8080ba0082c425be168fa6249ba46441

SHA512
43d8e168c5ee41ff978fde0a0c6c8991dc97c3cbe3a7eff4a0ceca4b83e314a718ec6582c84e8326a9a3e29b9206d18985d289603b75e7e35b882997bccd5e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5900f2608fe6249c4681c91ab3a42c62

SHA1
fcb29984b3f92ca3cf686241fdf89308c4df95e4

SHA256
833ef07ff91c5647f750bda3e01f2fa4c51f0d44164108aaebf7ff7d7025a22b

SHA512
b2e55c9f479e83c6495dff35c5c8cdd92827753aab876fcdd87f9e8d3093c74a40ba203ac2b73e6dc335ca24341713162d3400294ef6fd9d553e42aaa9daba43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
23554d7158621e7fbfc41ac2e4845218

SHA1
54e2e928f2cca93f2622c71b6d7f5ea373f0f9c7

SHA256
aa25fb1a12b4a1a50bec2acf573baba629ea44f6dd58b38b72e7c6f0d575d9b3

SHA512
052a69aa3a8d47805c1806dd1a96d1bc729231af18510ccfcd0930ecc72769246471af3b978f91f1d402fdd4ce29414a75a88e19ce0053de0670cf6225e208f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a77f135fdcfa194e292ed0bbc0b1d9a4

SHA1
39900cca4b09fdbf2ddcbf86b92c956099450a51

SHA256
33482c6791c9395ec7ca14bc53332ef653d26ac9a24ed0cb99e7b36026aee474

SHA512
438915a097eb4800047d76993ce32404f47d5554582a947e17208b784316e54be04504b78a138da108cad69850436c5eace545b312827cc56357d83fac0bc7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
19878920b840cfc9d36d0b41ace67d87

SHA1
7cba384b63b3e50c872b62483c241e874241e405

SHA256
400d7fbac5b70ea64d51c1c4e379ceeecd196af6fce2c9c87272252a4cb92ca5

SHA512
4634be15b6e143085865ea8fa09d7174178d1779e0dc498a950f95b1be7b9af3f4340ead650c2660252a1044407bd191288a5db891db6964c609af15a442b825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
44109dff11b4e9b8a5fb8021eaba4003

SHA1
617bb59bc9023a6d79dfc4f23ad9fa7b49b01824

SHA256
86eb9f5e252358ba8dabcaeea023b0f9a8059b6da136571a8e625add8b392582

SHA512
eaa8bdc16ee68c0631b3b7f27c863fb000512559aa7711cc6bd62d155fad806b1964142f6aed90c61685062a563864f3cd4e695f77f615a735ed6d5a8c99d6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
a97f9e35c0ee854327b0cd2936dbf7fd

SHA1
60f3022b9de7d16128c675c16be68cb7ebe73049

SHA256
09a2c0d59bd039d6802576214672b9fe8ee908cbbc424c88c809ff71f7ea5f90

SHA512
be2b78cba08f9bbe679ac93cd5063c6ff5c001a3bf6c70e14745da27d6191c4e2ed697362dda8d7ee61d17608b09d712b0e8c34c3ba20484a481476410087b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
7983faafde9e9b2bf92736d1a31c6497

SHA1
d8afd0d803cd324e9414834c450d71ba37946afe

SHA256
7882b2bc1e47b9ffe186fd5ab3f2216092b5be026f4f7bac054799a5fd38bce2

SHA512
70d7968adc12e0da0b288bfbf8c0414f8ea993c26e78cd842013f88f6bcb4d22ed8f70f6d5124a7aa1c3758e0fe9e19b9ad777b3ce3ff40ff2c1d94842d1732b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
818b532382cf7727769192e6334c80dd

SHA1
31b6dc49cf9d98d62f4554c43f5727d8ff6a1a25

SHA256
515b7e992d7f6b6aa70926e2791ce8c76a62247d8b5d0300e749d0da2638bafa

SHA512
01495cfec081f7cc855ff7002493445dea9e257dcda76d94db86d892bf6654d218f6ec5bc690dfe76dbe67a96aadaa3b435ec470d75c8c7447bdfb19994a67c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fb91.TMP
Filesize
88KB

MD5
6456f550468d0887c262409f19db4761

SHA1
4c3824269fcc0ce804fde367182a057b4ad62d33

SHA256
fcd506cf3eff92d913e56194630a2947fea1d6110724879682e902a0fd9bdc8d

SHA512
82ab3e22bce5f304807e0eba3bcdb146801dfa0995e5d096e17bf696f5a4c9c99ccdd5b1bde99bb68224748468d4ae5cab4a8f2bd6508ebce09825d436ac4e8b

Download Submit
\??\pipe\crashpad_440_YHVPKBFTHCGAELFO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit