hxxp://mailer2[.]cm-sales[.]com/lt[.]php?nl=834&c=9505&m=11352&s=4d67e0f7c31a715b36f87c452954b391&l=https%3A%2F%2FPixtor[.]mx%2Femail%2Fverification%2Fsf_rand_string_lowercase6%2F%2F%2F%2FbGF4LmRvbUB0cmFuc2dyb3VwLmNvbQ==

Analysis

max time kernel
450s
max time network
415s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mailer2.cm-sales.com/lt.php?nl=834&c=9505&m=11352&s=4d67e0f7c31a715b36f87c452954b391&l=https%3A%2F%2FPixtor.mx%2Femail%2Fverification%2Fsf_rand_string_lowercase6%2F%2F%2F%2FbGF4LmRvbUB0cmFuc2dyb3VwLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289090725216693"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
4792	chrome.exe
4792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2604	2672	chrome.exe	83
PID 2672 wrote to memory of 2604	2672	chrome.exe	83
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4800	2672	chrome.exe	84
PID 2672 wrote to memory of 4516	2672	chrome.exe	85
PID 2672 wrote to memory of 4516	2672	chrome.exe	85
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86
PID 2672 wrote to memory of 1948	2672	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://mailer2.cm-sales.com/lt.php?nl=834&c=9505&m=11352&s=4d67e0f7c31a715b36f87c452954b391&l=https%3A%2F%2FPixtor.mx%2Femail%2Fverification%2Fsf_rand_string_lowercase6%2F%2F%2F%2FbGF4LmRvbUB0cmFuc2dyb3VwLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9a869758,0x7ffb9a869768,0x7ffb9a869778
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4748 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3376 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5192 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5816 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3416 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2780 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3344 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3492 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5228 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5280 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3428 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2856 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3568 --field-trial-handle=1844,i,4548885892226023774,16978089759958205727,131072 /prefetch:1
  2⤵
  PID:2816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ecfc98c53b81a0e3760f4f2d7c50a7e1

SHA1
022c7a66db1cebbc702e69fcb393d3df2fecbed5

SHA256
f46f19c2148a5957344859b8dfd61f9b58ed62bb5688e0b4cc67cad857f3ce9b

SHA512
db45af1d84d60f6a6867b46f039f77b3d36c4bf00e75e01519541a9034c952eb25ee83372d8365fa25adde577d7fe3a2e83b1aeb00dc08c755e4d9b604351279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d9675d263b115c969066302b37e0c006

SHA1
6dc42980578f0c515e82e88002bb1e501e283638

SHA256
072a25f1b840f6f3032d2dcf10a72d2110f44b692b679c26c5e0a265bf2985aa

SHA512
4c8496822a129b1626e474e5d73163ffad3f78270557e2c838db315389231452915400149b5637365839fd7e342ff1c01e20a52b3ba7ccf7a0476714c1f67304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e5c880d28a9b27c138c461feb863791d

SHA1
256cbf706ba4157864181578961b6e770dfd9fc4

SHA256
4610630407f580ef471b7be7bc1588aeaeea9ccf019b2516ddad31567f192fd9

SHA512
ddef80035487ba4be7c0a6be1306a22499b9d8c501c4c48fd3103380e742e258d506550190a7a3105414b73f411076777550bfc6360652d5da5ee85a3d7017f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ed17942a82012d1998b5f9a4f3835a90

SHA1
03e117bfec3336095adfcaebc47c165703d65433

SHA256
cac32498e2298de8996be65a2a0635fe65becb9f96b2fc97cbd98afd65864444

SHA512
e9ef43065a32e0c3c5dd87b968b9f6bbb0d15f63aa88e935baaf599a3e684d3c5d7aec642c208249fc404976bb38ff3c1ce14e767f533d7a9568756413c0dce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
53c8533bee471efe08aa1424fcfd2f8f

SHA1
8236ebd9e9cd6da0e4f02549a6379cd21ee74581

SHA256
229c40c2f70c899724d4f93fbffdf2259ac563bf09751aa55b1e5d7567affed2

SHA512
7942c2163a2ec16d129b151259d02775050be83414326c04eda447ea0f5220c77c4be22acdfdc7d855ac668e02487e9390fb9e79b4eef824b978fe8649c6d12e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a959ced3a22f1b5991f57d7720e07620

SHA1
f6b1cfd56285a37aeacabeaa08ec1cf5dcfd688b

SHA256
616484abfc3e8f5c9cb5bf730c67742017f88c260f8c6c5b70ba5f0566499597

SHA512
40e00d1eacdabbf099e0a68297e355fb433be309f35e2d99b5ef987a1901b457c1eddbbf7b86b25ee49c69befbf745ad2ca8af8f969808d20c01e0bd31672ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
79e4ee41b40a9e4f656c69b323e28a7d

SHA1
fca43374e4f4dcee4be8fbb9094d14a0b973b0da

SHA256
4f8e9ac886ba6cc8469eba1076d678d39c0ec99c3051f70c2f9f86ebc4e87610

SHA512
27067192789425dec82361cae9e87d0ace2f2b235557e4435aa13bcc3833b48f332ff96c769edd1e66bfedd57ad3a2afe4ee0a9e2424aea943fd681ec8d0023f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
870B

MD5
0888ed2cf97d9454edf92cf0cacca5c9

SHA1
0b20739c4487747c501ad7d707a4542d1bbed65b

SHA256
942a9d713d8b1f9c53bc5cb966d2de6987d02f9024d77bff7ee9fefc7468dc27

SHA512
9843941d3ab5243037c7dc537db841c0353de6b13bae2d0beb2e00d85bb599527dd3f799cc3601694a4ef3c0619204966cd84126dce2dd86d8e83b6cd46a2800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
f0c82925604c7bac285a9db4a7a2e453

SHA1
06b40fdf026a6d62edf7549b6c1c54ed121f5c5f

SHA256
9c3f326aad9f22adc4a403de7a3c62501d608e1bbf1f50d7e70a5a8e91876193

SHA512
5a14686e3d462f222ba566482f3857795e84305bbf03f340cc23cef7b35a28d291830bfe48b997cf49eaa95f539fc3a29ed0c8864ce164b51877192555d793d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
a4d8b81f25584c7acf0be09a0015f9bc

SHA1
721a864e5d4dedc05301866417d9d9772b6b10db

SHA256
f4325635edbc3f5d6cc070653409dce4e538b26173bd91da5273e0197db5fb4b

SHA512
a82f20a9fa620ae94dcab3a51b7ccbba1c74948998e443ca244f9c3671d7a9140f17377b77a70d61eb4f47f5e1f5b9efce9a0abf5d6ac8dcc61c9541b8d7f6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
4afeeff7e04a6b6db7fd26389246a8a4

SHA1
b70180652c9ffdd87e1c28c6b99a6792e223bf64

SHA256
71b3e958ef32e6bc692c5e9f6772dab36865e158dc9773c150ff98fc863fb1ba

SHA512
c3b1437af2b256ec06967e9913e5a99395a90ce5e72476a55d60827015c763d5325b66ce76254a63e3209e8d9ff65147fcf6b118812dc41e9309db8c2029d344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2c671fc15e339eef2bf591abdff1f63

SHA1
89f7c34c9f8d626a4969bb9ef34b06b5a410cb60

SHA256
8a656a50fec29a76ba7969d3761917b1245621ee27d734ed36ec0068e00f6683

SHA512
5eaccc1ddd78aa3a9ea945a82ce5a80068691fa2d77e95acd8cf59501a7d6234bc32b9ea83c7b075fddcd97e1e69e7f8a6680e2c8460af28c82458fdd2fe45f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
226ac2ae1d4842d17ccce18eef0244c9

SHA1
84f14b01cc3126a7488e730a1b1a183e5f833863

SHA256
7ceea04d12b15f0066c67887ff74a4dae8b78119e56e9b67f0afcf3957397863

SHA512
584b1dbd8e0dd53d7d8acd88ce56982ecb053e510393d2dd6f44725f0503afda596ada95e0fff344c6cc7ee5f7f39ce3662b871be669057b2fcf2f90959a24f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
324bff26daaa8f9f956d36bbbc332f9f

SHA1
4c941113d8b45aa26b38195521a5ff554e2209b3

SHA256
9cf62ae497b5cf9bfdd896489c41af9bdabb1c36214b64cbb1bdb0559eb2c6d3

SHA512
3bc5f3ae0fda5a081e1858be039ace113d2574ba631ebf51cdc9f7dc99e886316a1c813987a31b9bc9e7573dd3f6e8d5e55ae1bb28f0165931cdf4daff9e6b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa7b56acad95c6fbd50b0ab27c05ef80

SHA1
af86aab1edc3f93a76fc7d03d3a535aa903d4ec6

SHA256
794c01431c3c6e5abf9e1a48eb626e1794904ecf8db900a1fafb11926df1672c

SHA512
06cff6daf90f40a7829df1625a4ab36f3a3059313c57ece14cb9829eb53aa50b27d263afab6fc01669f2581abda4cc590743fc82212937abe5eea751e3e3861d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83651e113462ac9706f9af8ada94d65f

SHA1
a6843c639e5d134ba4108234de6d59c07ef0bf3d

SHA256
c3d9ba57918422027304c0e2ca1d2e8c34f39216658b53377edabe2276249030

SHA512
11612344fec8974872c965ae4e2440e735c5637a1067e312f927f9f892f36db26cc07c39552f757bbd24cc996fa0edb83b7ff00070166aaa2eb9679abc850811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2771ba53026a93e58c1a2b5932446bcc

SHA1
cf52ae89eccb9dd1b7dde2f29259b1fcd242c4e8

SHA256
b67c7d2028dfbcead867fd4b402f8e526b8c5e4a13134ab03e30fcf80a586a9d

SHA512
b0ba2f7802cd48524526016d84a1d9e8975c0df01265e006dbb435ba689489a2772f452488e9649d9379855f695f4dc1afa3d192cb882025a6f38d1d6afc3ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5291038001e753bde21f3976ae87088

SHA1
39c6ff417ba062b56607e80512f7ae2f43db204e

SHA256
6e6d21b65a1f01643b0ac8fda9b2cb4616f4321bd6c4765ea4a1f4827cca5db1

SHA512
5bd7b63ff412b52874d0afba9032ab28837031d05f447b4915fa72a09cb65bfe3a19d141bb43985b46664bad1e280899b479d95a7c2ae060aa3bc53513f52c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b3ac26a032fb2f8bf76bd4d52490359

SHA1
f47dcf9440e9bd0615f822a1cfbcb48ffe818b70

SHA256
600929646f358f2290150368eaa200e96e169d0683575549934e1443af565a5c

SHA512
426b9df2ecff93d47c98d7e9c9b51aaafa8d390d1a7b749a7ac8a9a9a146684d82dcb24784c8f7141712a0dae0e2f1fdd2dcde7734c6141ee77f171ff773521e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6ea18ca821ac51912416f8902d469b54

SHA1
c55e4fcb5e67716a4c2134afbf58a5742c810e7f

SHA256
908001711bb9450f071efccf9dd8455caad513c8a1d73c920afef651b50422af

SHA512
f9dc53db52a07671208322d5940aa1fc25a012535460f37feb62efea06904bd473ba5f54cf806411736ca9b45d62795a8afe83c4c47fc962aa107a603ca8b203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
0e0fee1e08557a9937b64098562397fe

SHA1
915f5b5ef7efcd6c4e77e6a8e2d6db5344f59113

SHA256
8c10184a4933b472a7647982007caba1295b61689c19a7664c47b8144553a282

SHA512
7ec9d9ef9bb6f0ddf0c53c6095fa913ec4185f6787e66f51a0bd86f51a56e2603d9c10468395f704875a2f060e31e886700c1b4bba7e368ef142f393f7b88317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit