hxxp://email[.]sent-with-sendvio[.]com/c/eJwEwEmuwyAMANDTwC4RGDMtWPxNrlEZbBqkDFWb5l-_j4upNnpHWooNOWebEYJei0TbpLfaGAJXchmkNx9jkuYDdqdHCd5DDQi5t1YfACTYUmWbI2KCBApNjUHEMU2Go5vQcp1IHE_kqXYTXEoJ5p3GpreyXtfro9yfgkXBQs-D7vEZ5zG3c1ew_NOt3-Xevt-T1-BRoRkvWsct8_l-6mvsso1DHoOLBYPOxmTyLwAA__-zf0In

Analysis

max time kernel
299s
max time network
294s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
14/11/2023, 20:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://email.sent-with-sendvio.com/c/eJwEwEmuwyAMANDTwC4RGDMtWPxNrlEZbBqkDFWb5l-_j4upNnpHWooNOWebEYJei0TbpLfaGAJXchmkNx9jkuYDdqdHCd5DDQi5t1YfACTYUmWbI2KCBApNjUHEMU2Go5vQcp1IHE_kqXYTXEoJ5p3GpreyXtfro9yfgkXBQs-D7vEZ5zG3c1ew_NOt3-Xevt-T1-BRoRkvWsct8_l-6mvsso1DHoOLBYPOxmTyLwAA__-zf0In

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444676946701529"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
1212	chrome.exe
1212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2992	2300	chrome.exe	69
PID 2300 wrote to memory of 2992	2300	chrome.exe	69
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 4404	2300	chrome.exe	73
PID 2300 wrote to memory of 2408	2300	chrome.exe	74
PID 2300 wrote to memory of 2408	2300	chrome.exe	74
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75
PID 2300 wrote to memory of 1216	2300	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://email.sent-with-sendvio.com/c/eJwEwEmuwyAMANDTwC4RGDMtWPxNrlEZbBqkDFWb5l-_j4upNnpHWooNOWebEYJei0TbpLfaGAJXchmkNx9jkuYDdqdHCd5DDQi5t1YfACTYUmWbI2KCBApNjUHEMU2Go5vQcp1IHE_kqXYTXEoJ5p3GpreyXtfro9yfgkXBQs-D7vEZ5zG3c1ew_NOt3-Xevt-T1-BRoRkvWsct8_l-6mvsso1DHoOLBYPOxmTyLwAA__-zf0In
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff4e9e9758,0x7fff4e9e9768,0x7fff4e9e9778
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2004 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2572 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2564 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4472 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4620 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4244 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4640 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4632 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=876 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2600 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4916 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5084 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5560 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1460 --field-trial-handle=1672,i,5327449482328048096,16262988094338093617,131072 /prefetch:1
  2⤵
  PID:3076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5f80bc1c35ad69f6f363ff57fefdfb63

SHA1
31517433f3d1a64bfcc5ac984cd53128583e6291

SHA256
0540b058cce0039292fa552ec377407e5ce3dd64c7353ac0e4b1cac53434ac35

SHA512
a59333f12db5b432614d35c564d2faead422b5ffdc253bd92533a4d26e7978a5be9b268505a8226752034ef1255bc3c5462a10fe7de154546f4a44d8a721b6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
379d3fae9cb4a31f7cb65a1eb3deadd3

SHA1
5c5b727c15e1a4e49dba5dfb2235a732ee47206b

SHA256
46f839c47352fbd88556ac155c8ceceead0e5e2e30bcdb07473cfd79d69c5f4a

SHA512
1f1db2168e4a01ef9d0aff37104507900bff4e1ffe3e38d3c62135b80e7a6fe004cac9a27ab25e77c19801f0a07f4e4bae4c24d9813470c7e3ba3ffc60244011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ecc24b943055e6c6338cee77c0c8c891

SHA1
27d7f4b413c43acd02215a54b17d3e78ed39bc75

SHA256
65f8bd28a70c830d9a5b00ca79d64c49122e7e53476d6db355620f99e5333721

SHA512
ee990a23ee7186b1f9343d7952cc2a4cc07423b4630e6ef1e827be2cbf72393d1344aba18551649ae00ef5748c8ffd575412a231c8fb9de9131d85d9a63bc8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f8e7e67a4457f53f0ef03954fbf4b834

SHA1
0c15d2b241ec5afafaeb1ae4ad9bc08a17dd65fd

SHA256
a1cefe7e01219e0dbc7155e0561a7b98f4eb9c9e2187f7581b2b1aaac721d651

SHA512
247de1a2f3d9fa0da870e11d434e64867bffdc6ddcff3a07b9a7d119b4514b1f6c63e6ad2c24b057193e824163578470c34c19aac4774d75b445afe3c6f03cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a4086ee7672b0f749f93ab655a5d5db9

SHA1
f1ec150a8840095612886abde22cee3bed83fcbd

SHA256
6e3ceac86003bbf3d6461cf84dffe7aa122ef056ac02b578cd3a6743c422f473

SHA512
13d0a5323980603c10c330e14f5978dee1e714b5a835c41962ff76743f161105c9710dec575bdc052aac3773cec65690567c58251295e00732664a1d95de501c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c42e979f6b5d19fd0509a934e68eb1c

SHA1
285391a395652fbc6c02bb4162af04250e1ee684

SHA256
13b76847a7bfbfb9ed54c8c9b3b0772d7ce3208d60c8701b9e70506b54bfeae8

SHA512
69a305af33c5531cf44b72362eaf824d771db2f16565bb2401843887a8ad06057cc65a2fcd112d00fa948aa91fe1f3c4dfa70a3e72b82eebc06006494cfbbbed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
000ea88dc47986f4b69af52624670099

SHA1
6951c7690f3b0b3da7753e709821f69b21c4487a

SHA256
a69abca824c04a06071e0b1666af409569b2b69266e2610524443211b84c4990

SHA512
6d363ccc4654f8e6d20f28398a97c8e96e74a43694263ab5a38f83b63a2991684e9b1fc621dd554858d680f323e2a53d704300ab08abc721afaafbc3553183f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6aa4e79d4a41acc3ec1b19ddb032d43a

SHA1
6c50718bb9d142456fded10d453ebad27b8262cf

SHA256
a9c36e6b11f218ca419cc84ffb7206d4afa3168d126af38e478a77d8f3227302

SHA512
e60153c0b3fe05bedb2ff5142068091261342b5620f8c23d84bddef8fcdf07e8f0c0c126941587be0870e06e31dd54c39e48d49726e8f2ab5d75cbf558941549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
972fe709eb2d48169ee830080cff4583

SHA1
37ccedef9010f84505b3f1ea8e22f115e75e9909

SHA256
3386327e06b042d73c420304a615860cc3b5c3cedaa83efd53b60faaec4f0e90

SHA512
99694a7d40d81e40bb6c760a5ab07ee65e742e5f89fb12111d5ea529e25194057f33db9715d33ecc507f3c2502fb84bab9faf9836db53058900dc584a99c692b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
b95123c8bc0324369f9d28603bd6af24

SHA1
d2bfcf8d3ef107dcbe5e09a08d28db5e1596167f

SHA256
fd0609d7a903a9630ad81496953415dc9eadaec11354a9cc8a9c1fd693b5070c

SHA512
e8d870e241cd487238c3e95e9f53f12ba939c5cfd5dac3cb30e918846051d7908175c54d7c93ca405e9d455b1340194ee7202f6c39d3349ca6948782fb4d7e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit