hxxp://ww12[.]amatitlanpmt[.]com/track[.]php?domain=amatitlanpmt[.]com&caf=1&toggle=answercheck&answer=yes&uid=MTY5NTA1NzYwOS4wMDkzOjUyMmUyOGM0NWZkYmZkZWFkZTE2OWJiYWVkNWVlNzE4NjJmM2QwZWUxMjZlZWNhZThlZjkzNTM5YzJlMTliODQ6NjUwODg2YzkwMjQ1ZQ%3D%3D

Analysis

max time kernel
325s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ww12.amatitlanpmt.com/track.php?domain=amatitlanpmt.com&caf=1&toggle=answercheck&answer=yes&uid=MTY5NTA1NzYwOS4wMDkzOjUyMmUyOGM0NWZkYmZkZWFkZTE2OWJiYWVkNWVlNzE4NjJmM2QwZWUxMjZlZWNhZThlZjkzNTM5YzJlMTliODQ6NjUwODg2YzkwMjQ1ZQ%3D%3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396120835838741"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 648	4520	chrome.exe	84
PID 4520 wrote to memory of 648	4520	chrome.exe	84
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 1680	4520	chrome.exe	87
PID 4520 wrote to memory of 3980	4520	chrome.exe	88
PID 4520 wrote to memory of 3980	4520	chrome.exe	88
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89
PID 4520 wrote to memory of 5100	4520	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ww12.amatitlanpmt.com/track.php?domain=amatitlanpmt.com&caf=1&toggle=answercheck&answer=yes&uid=MTY5NTA1NzYwOS4wMDkzOjUyMmUyOGM0NWZkYmZkZWFkZTE2OWJiYWVkNWVlNzE4NjJmM2QwZWUxMjZlZWNhZThlZjkzNTM5YzJlMTliODQ6NjUwODg2YzkwMjQ1ZQ%3D%3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea1d69758,0x7ffea1d69768,0x7ffea1d69778
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4148 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1792 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5456 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5652 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2756 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3108 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6036 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4300 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5076 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5540 --field-trial-handle=1884,i,849841520256449875,2824760372617499056,131072 /prefetch:1
  2⤵
  PID:2592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2464

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4812
- C:\Windows\system32\nslookup.exe
  nslookup
  2⤵
  PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c464268d5c5533924a31918d3f94666d

SHA1
447d3cebd8ed7beaa27b27159746c1c9e77a0de0

SHA256
ebce1312a87bde2d5189500488b09f3e14f7e6553ce6b277310403dfd8db6d7f

SHA512
58dca4cd37bcdb95005928b429399cf260ce378fd03fc071b4313f9484ea78f36fcdca2f774a1538d1dfe8dd23e0a24ba7cc8176113550c6b73c795a327f210c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
221f9c339de3034a7be42bcc73914c59

SHA1
56b349f25bb4cdc4d0db33c07832b8f884187270

SHA256
eaad6599d23fe65727c7c020b5a79188ca3589195380e983da4c2d20f800fe06

SHA512
c3e3a7bf1089a6e5a45f919587489814c3d17622ea140d003beaffed7404abb2331eb93d9429bd955b976c9890f7142c6d8dfe4a0df672c9b33eaba8e15b58f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6814f11a7abd3d9d84f09fe2e1a86cf9

SHA1
fefb0c3688dd4e86331cc175e65c5ea22e8dc907

SHA256
40ce0119f2a0b23f40b9780450515aaaf0925429fb3034242b9ffbf1f1634516

SHA512
66c332d74480d058e23ef56063fea95aa74b516fd1f3216b39140486518353871fc92bb85e24fd62c7437981857a9738cdb94c6656b812d3039861ba3b5fa2bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
81bab10709eec991101aa8bb78c7ad9b

SHA1
1a981449c8fd0d67bbc300f48f78def7d264d324

SHA256
d5962c888c842123eba2b9587d9d44fc30a2046ec1f92654d14ddc428914194d

SHA512
dc3ff72fcdb130a46c99be2dd4a938d113765d2077341a1025e6ecadc5d1b794a5e843d879204bcd8763911b66213034b0967369cc8cbaa7e94b430c707937c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
aabae59f1fb85a5a07bc2a047bff3e52

SHA1
1aa54a3467a2030d6a422927c978df3f038d1187

SHA256
7d0ee76a565e490ec48134ab4075321a427d6af1aab074cf7fc58a82d1321975

SHA512
f6fc28e5b5a6e76507642dbdbb2ccb564035ab2f7e6af6aa8b2022f0e013e2ee5b00722dc191ccd0bbed42c995eb980ce19b9028bf5fafd8bbcebea0abc9470f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
73246a1596a4ed4392614e674aec1ffd

SHA1
c1485e83bd75eacb50680612bde6f1bb4d7e131c

SHA256
cc8fa08a8404f0104cd621320e3d45ad1123b9d055bc07e06a721cba71f6ce71

SHA512
b49a144b458fc775714d4a69b0a2cbde61c5ba16bd2b0b2985196b7610521947a09529e4df41180ca40ce5c1560b14aa38be4d4a4bb28f3a60b85c5258ee6506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
41142f1e720fbd9f1bc3a5de6c9504f3

SHA1
19c1274ffcd6585c431f098e5e9caf3692a10ad6

SHA256
5f0a9c775fa8c2052fcca68cb7b1d7b11848f1eb54bc2bbbd1d3228d9361ed58

SHA512
d6e6885315ffef3622f1aeff2ef52709d667951ae1bbdc401df59f6a4ffa1e8c3b228523334cb9218e8e90aa5b88724e689784c6f70b3455612f7f8c923bceef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4ccf36f8f0cd74f675cf9dc1feb5fc1d

SHA1
9d9454d96b4af714246bfa7547dffc26df72558c

SHA256
11334fce9bacc9f9887a323409c9c808944d702d1a414a3166cf72a9d68e6d4f

SHA512
e903a4d509c911af8973f3a9dc73516b080734806c8dacf6e8540531e6b108ab62b9d88be6ee46420576ef1c7f9a90e2b17b021ab22d473ffdcb37bdcd558f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cde20432cc53e8c9690ff3141b498570

SHA1
5672fe598ac851e4d2b1000e98f7c8d53c1fb596

SHA256
1df3953134e8f94f0e9bccc4f29b8987ea464de28cb10101d44a2009b4a57734

SHA512
8e4c31d1087940ebd1cfd9040330475438715414586f0f9928b6b24328839133145102579c2222ff370dfc2b90d48d3193185f85868d6b545c051c59d75e121b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f8d79a8172e917fba9169d777d1ffad9

SHA1
5edd701d0e10f0cd319a72fae6249c33a7485289

SHA256
d2d0d43637d0e51f8aae744e76e042f7331b122d7dd0c30699e75254f29307f0

SHA512
f6206ce457230871705e8ea7930bed1ed9cdec1cf6b308f79c46674d452e7fbe665afe2cea8fcb39a42459f35672226b71a9c4c8cfc59df3c5eda249aa4d7834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18ca412705ce8c15de73d8ecf742a9c3

SHA1
d85bf2f3045211c013308e34da91a6ac696d27e4

SHA256
7a602bcd78b819f90ad02585b71cfa93210f68d3e5c33ab927d577258117bccf

SHA512
ae3a4b0a253096a9d97f90247ed9268a1b84977e06483a8427d4e348c82c41fc0d4b8b0091c7541c8f21c01ec3c3b5d28ec5d54e68eb4869f3f7345f5d02da9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
89103eef63fa2cd6215457cbc2cb47af

SHA1
6e61f84c3feffb17ac45cb6a8a799cb620b0345a

SHA256
4c52ca24c1209cabace52b279c20990abe450ce66a0975fa7f8ef553e85d6a16

SHA512
0aea19ff3f260a4193f050d66fb7ceab1cb90662fc922a0e277063c2ed5a1ec8fba074b1742a37971215f0fd743d09d06d5226e5c056429051af0aa4acf70877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ea68c19a37fe751987017a9a4268c0e

SHA1
2dc6912776e85d72b7b7976360f4e8ae527f8941

SHA256
9b9050c13e50390b952d323d6b10f864d54252ef1d6e5b5ab18c523df8155d26

SHA512
e5e3c5fd7efc081381d892b0531ab5992b1cd84126f269b9c2682264951817d57c6f68bc8d6015b6b0f43f6bda9f33f09901a48db5357ab05b3d3a846fc637d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1472ffd2dc9e0a5757402789bd4779b

SHA1
4d9ba1c45091569c6e176e28886ef4e8cdeb08df

SHA256
9173cb291f05c033b30db9d66f9bc1ed8ffc46c3ac2c12e30bc78da3b922c87e

SHA512
24014c925c1ad07e1990cbe8356f9dad26304caccb82a503436edc31b123cf90351dacd58a31e2606cfae0ed5a5c3e3c7774ba59b5772543f1f8ec6eb281fc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
129537d3ef3af533baf6d5b6b336c5c5

SHA1
acd49e2908c142edec32ad93c3ae060a31b81aa8

SHA256
d124cc692697a3d3c4a6d293234f8d0b49ed3994dccd19debc1b502a247e3816

SHA512
26c850feedf14c60572a0cadb08b2b4b43be91c9671d81c6654f5c94ec04e8f3e50e3b096448e7a3468a09628ca4c5fce02f3398b85e5a9805ad4c75ab4c25e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
026efd61186ba26cc8527f4812d48c23

SHA1
c5871b6676fc8e6e4f5280e064bc58735b65cae5

SHA256
c1331248d0f490c5198986ddbee9e4b941184411c9a69bdac5bcad04f4f6eaff

SHA512
f437981a58e269a7b1c423c496c8e8d9e630bb579e523f5df69846f3dc0e7ba8401de87d41bd63d45d34ec9ca8a339a9c25050bb08b21f1f9fdda28d49410a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
686426a3217300dcbfb66078cd5ed7aa

SHA1
1ba36b5742279b0b502316f3bd5c3b7785592a83

SHA256
9efd71972cf2da1ceda3c752ba9ae47534f91f4e33ff861c61b919b656472221

SHA512
db9009d1c2c0ddc49aeec8ad8de1827e8d1b538f4cf9cbaf8660a54b7f15f7ac99047a390bdbe83e50136c7329ec71051292c500cb7bc9d659ed291c25e9d727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
633199d76dd3193753173120b2bec85d

SHA1
bb2f44495f6d18c8af9f50a62cbc4ad7748afca3

SHA256
63ca779dfff4e43be37b33dec3c149e8168e0c9c5ccedbe1772534f85d6a5c7b

SHA512
5399b625e98d0848db41f197454bf110d5f3a252762fc4f4863e10bf4864a0fe221f8f654f9c11dd42635224d2e32b211acd5fd008a7718e7d986c0d484bab29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
a97724c1ffd676ada049320f8fc89b2d

SHA1
0c73982ba0d6dd766cba3c02d4815bb599f3a890

SHA256
4b16378e32c6ce255bacca244573b21b5d0d4733a973d37e2ce88c67220ca089

SHA512
625b6e3fbf8a8c06bde5411d3db7da5806375d31efed6a260465b4dd24083a3befe9b948c88b5bfb531b55ac65efa43bfa1e70da9191748be0fdde50971eabe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
d55bf68ff2ecd01850ccaa414ebed687

SHA1
b9374da2fc5c76e57ec8c59c40692b6fee9df03d

SHA256
c9a50a4fd3d0f7c3b2deaec3ae54c2bcb63565b45e1e01dbfb8e58fedbd1bcc5

SHA512
54456b57c10abed8e77ddb93e734eee7f8ea409553fa38b5d5ab03c991a1c29babfc320ba493794a39f13c5d8a13cf45715c37a565225d62c848d7bf4c5a9518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
d579d6c52c63623bdc65d290d1ccd625

SHA1
916b0014e9efaad77934ccec0f63af306fb0110d

SHA256
849cdc2fa1f0b1e4d038073478a2c771d012bdb07223b291a446ef06d659f68a

SHA512
6973c2456f53052d128e6fdd5cca329b8600e2cd68f8825c37bfde451bfb6204bbfc60a177725a48ff535c023cadb29ee862ccf2a02a446fa199b57be0a0cc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
ccfad0db5be0ee3cabec9d000f6e0b10

SHA1
a553435e39670c1d63b8c61c05bf6295ca10661e

SHA256
06522df12f16e73d20efc2565c11b3a7018282007d2003a5826a65220f0646bf

SHA512
f7a56d995ec0097b7f0b8ceda52b2e9d2d1fcc50c047fee623725c6b2570259e6d276bbc77491f0fbd513e7cdf11fa893a1e1bfa8386affe24666eb7d590abbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590219.TMP

Filesize
95KB

MD5
3c71d37c271a20be2bde57066cc598ec

SHA1
415f9207d789feb84f1b51f37372d3e0a19f9fb8

SHA256
d0389899987e13d303d32489b12462c23b05a439eb37ae3f7aadf53fbabb7ba8

SHA512
2973ffbca0fa4d8a93ccefd9a89bb1a2cbc4d55bba4caf354a86498cc76a44512f963fdcb8ffffb0e724eebf775e777eabb91d9222ec7435e693e9a9f351b3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit