e461ec03dde0ad5b6cc8e914aed83febb03957ea0a85c437c76c73f51568c818

Analysis

max time kernel
1800s
max time network
1792s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uwp2028274.png
Size

73KB
MD5

18a6cba8c00c050d6f8612f0cdad2b34
SHA1

dcfd649ab5afbee7e542ff81439410c139c33a10
SHA256

e461ec03dde0ad5b6cc8e914aed83febb03957ea0a85c437c76c73f51568c818
SHA512

9c365dc6908b141c2ac8baa2787630c7797658916b5b5680d0a2d66f56f13f6605f5e8bf499ebf96cb383cc815d4efb3abb6f75fc1f271ed09198efd9fe30fcd
SSDEEP

1536:N6hNqgF4Gouw9+xrcsxhFrzmhc2lkryS/COxXHyO3:UhAgF4GozExrcu/tydOhyO3

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133223476670563682"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{B39675B0-91D8-4D8F-A0E5-2F68BB5D829B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
5500	chrome.exe
5500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 4488	2584	chrome.exe	92
PID 2584 wrote to memory of 4488	2584	chrome.exe	92
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 1092	2584	chrome.exe	93
PID 2584 wrote to memory of 3744	2584	chrome.exe	94
PID 2584 wrote to memory of 3744	2584	chrome.exe	94
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95
PID 2584 wrote to memory of 4808	2584	chrome.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\uwp2028274.png
1⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabc3e9758,0x7ffabc3e9768,0x7ffabc3e9778
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5092 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4716 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5700 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3448 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 --field-trial-handle=1832,i,17303502370507463219,13911249001709663512,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
51KB

MD5
702bb8ef66b97d5200bc5d2a0db6e81a

SHA1
673386d33815c104cc0f505a0569ae4a2bff13a1

SHA256
1e69a3a6e39bb9db34b81e2ac1cdfd3164e48ab1124cf49964795c09be3e9735

SHA512
c1c0048df3094c75a8d70a28c61b5e113e133c312e8c7ea5916bbb938fedc45b6c01f7cde221dc3c47c6b9d44d7fb67281bf7bf3dd18b845c7b8f818c2dbc85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
108KB

MD5
98bcc8aee47d890c8944b3eeafb9860e

SHA1
9148ac9554bfdbf7bdbda9f57ce49e7ac153907b

SHA256
313c01a547cbb0d545456651a9d4d598207ef1d09a700ff078245eabe8d3addc

SHA512
ea7e4172df96f89408c922d2c69299f900f1c7eb15fe5c89d84f1a9c52c10f6e9c78782dfad0c4d25b8508d800ef3992f15fbf8fc49775aa61121b5d6def38f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
607KB

MD5
060eef8d5155498677392454fbfdc8e6

SHA1
3335a242443e02cf50eceabfbd7d6f0679bb867e

SHA256
66bed6ef99d8ab46377a218e74f4c45bb3c7dbda3e8d2fcad3dc8826bfd6bef5

SHA512
6d9cf52c6e248a3e78be95e704959b78a1cdddb93829d385c00382a83e0f6bd053c8e90f9f34d015e235aa86090a3fdd973b198145647825f45873f59e43fcb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
35KB

MD5
2c00ee937ab07d009c968dd8a3749f54

SHA1
a23e7315d74433f6bf60f09bc95f23eff46237fa

SHA256
59023beaa76eaea4cd6da205fd9bc7f8e79f8238f2b570a0e8f83071f76bb9ac

SHA512
604fef789121bd39894d40eef77ad5fa5dde0e18c2fc245db596e1917ec1232c490e9d54d7d327922ee45b15292516733e035e71c25941519d574a1ef8aa0513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91b354f0ebf75a13193b5fc9081b01b1

SHA1
413de677697effe147a9bff79f54163342bbf696

SHA256
8c7f98410ab9a58c9663ed20b80c0f277facbefdc6f8f17cf3eb186b516172f4

SHA512
f4185b3807ec0e4b1cde2392b91fdde4913d439a1dc8c15821d201f41338e3f1f080a774df5f1aaf238a39bbede836d9b46da8a2e8b9088f5d8af22f980305b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
285df1a720d2a279dbfedd9401ff55c7

SHA1
6f0d522dce3a5b6885dd8e6aecc67203601ab294

SHA256
4b9e2e8e20dfacb6f67416dd7aa1c21f3fd7f4a2472f3b26f14d8067c90d9b7c

SHA512
859289275d42d671d5a1be9e6bca9bf602434d3736f5355fc42ce11db3c7a892aa420ae91265401519060ada172a1b3475741697c43f52f1b3ef813c9e1d018d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
669f081451286493b7376b6e2514eb00

SHA1
9bc8d1724911e389ad02e2bf29fde03e0f88ae60

SHA256
fbeadac3a5b2ee841da5a8393ea58ed5952ea455ee3d7a60b441c6a16e4992cf

SHA512
1c2ae802536d7aa44233d26540c5788de9dfa8f1c934f8d5162a4a0d72683ea3add313b1646665b179df250edc6a900aea74f378f1ac5993ef4ed73d35aa4087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3defeb21a1a369586d962119cdd39a4c

SHA1
e8fddf1188db74823fd9884c536aa03fc08b62bb

SHA256
aad17d33555fcd49885c17279d73aa68a2189d1a2f1e8b0ef15121afa972896f

SHA512
f182ce24d3a4d04835bb2210d15404a79226aaf6a0e5c7075a926419241115a8cbfffe53ff82886906bbda2afe485cf4e5f0c814130763a324a5fcb14c96a466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8dde14a96b903aa85bf2e39c4c490cd6

SHA1
f54d33155b0a3a6fcf26f430c3110f3b28d16daa

SHA256
b7d0f7023fdf118a6fc4e48fba8912b266966d66811a3e6ad673b80456b2f726

SHA512
0c1ead4cd6cf0dd8af8a1a545427433f77d503c7645632c8dcf797fdd36d146659c87e0b57299cc611095de41b3aaa265c2a746d67e04a4bd4407c24cd232f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
47c15803eaed4eba0793a2b7c66260ad

SHA1
daac318b1aaefa2282ea4336caaac35a07745511

SHA256
4beab9cc2e376864bd69523ab4681d04c5f080dd56e861d8276b255b6b738bd3

SHA512
572399e92c0d46ce39d0e7389bf01a6270b42ae6fdb368bdd22a6ad41b294452f9e5c425cefc2b5bdf4629c3a2ce72e046fc04d92a028f6ea0ff7cbf52128641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
41137e9f27bcdba4b28162348bf35865

SHA1
83374631047729484064fb47a3efad1750be1585

SHA256
69368bac7fd7784dd3f1118dcc41b89f997b8131cdd943b288504b1443403d78

SHA512
be2ca9b05211c42b771f5152c86e0b66bd1f43b7ef6dc0c0a133ece5d48f9a9ec90fc4ad25489af36803a62c0069224bc8f973f9a1598ee87c86dc85a5c3b08a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
4911df5054245f3e7cac6478f866cce2

SHA1
1bcd929e7f86f59932e6b972f32085ad5793f979

SHA256
8e47add471e4a227e9b530f0358eca1cf2f2695926fc7b935febd60f79cf4983

SHA512
669217bb0c1751a2d2babf8351c4853fa9932904a9aa4e436546517d3e5ed19c92e2e5494fe1cc0d735ff0744c046561abe6ca44486a4138f523ca75ac988629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4523b874ab488ca2b3c682b9deb429f6

SHA1
daeaeb8317966f114ba1e9eccf7f7542f874313e

SHA256
1aff9b4dc335aae07315a730afb832621e2db8bc98ee3b8b72e10abed0ecf576

SHA512
2a3de7163d9533a42dd64ddaf8ff38d5cab9e32b75609da9f9a40a5fc0a9f3a3f8083848c1d8e48ee633bfc9e2b9b2ab02d9889788f6f4ca63ec3115f68b6030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
176d74087ef66fb33eb3a77611b253a0

SHA1
ff227f56ea4b2ab9d8a8364bc362e594aa738522

SHA256
ee592d859d8b29310d3c26ddf1bea6cb1a578d2cf96f86107eef947a47e8ea34

SHA512
4a6724b22cc08e4fbe5d3a73bb6e40adc93d5d72de7d43077494df7ac7dfde31c98eee571463bc5ffb21f9ab770d8e4f2c4db5019863c0228c448e983284a70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d602f1b2c38fb392a26263b425ca1ed3

SHA1
c8e81966333f1f6a421601e251e668a0347e4f6a

SHA256
570f07234a8f7f12ef190f5a4b84194607d23b5d251ea98d4f4fcdccc8f1bcf7

SHA512
45b62aef309e312c4474c314ce917f3574f21af59ff7df71cafd85a9a66e8cac75cb850053ecc06b80ee1dacd028df43a95d757f84a2a1a573028e0f1557059b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
75436f45e7db9f5494d4be5db104d3cb

SHA1
9e3bd657956de9d2045add16c668aafa70ef986e

SHA256
b8f01a73ce33f4d8c376e1e904d8e71ce0f632998a0311daa27980cf6e4a440b

SHA512
06a145f09e5c1fad20f1bc0ec6d9fc167a832498e0d4be94624d6fc1b4f0b6e149805c63c455fd73ca885e605e41a98d6cb1368643c3e09691fc472b631e3d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
08bf6934cdc78d5eb019ee57ca8ff523

SHA1
8d1cb57cacb19d8fb88d5ba4e922be21c726865a

SHA256
c016374b8969c24b82722d510f3750e386263c6a8ad0d15a00b5be7da6f0b6be

SHA512
07aca225f7bfe08be1386114e81e97baaffe56009296dad61177ab7e04394808ba867bb9823fbb3cc654ea388bd122e2dfb765bf1cc533d417567ffa3bb9abaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
fbabb9ab435d6aec3bbe38a3bd8517d9

SHA1
99740bd58cbae24ebbe88015a61ceccdb26ece03

SHA256
0eb8f1b2f03df33f0c57c33834d97113e7d2fdab1e2765e35420fdad43a828dd

SHA512
c24fd6e308a956335b51a0f8a319f9e8a950ff089bbafef2b78666f65b2c18b4d237c49a082ef2102c1399ac8065f7332abe5ced9a847ce1a7bbc36578acb74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56e4c7.TMP

Filesize
120B

MD5
0e084b4be6b272f5a57061e262396c67

SHA1
252c79a02b2d0b2eae8ac7bcb38e68b7da7d8b79

SHA256
f57e2d80cd4904191f739f2d93acc5d8125b61dceff2f91c44c5c12e4331d8de

SHA512
46de3529696e29d6424c08f05b0a23b238864ea43ae2f0672f22ed6024440ee12e084d4eb8121582f23d285fff7c7dbdbaebcec2ca0c9a8b85f61f70b00b99a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
1bc6c0f5930ba2e5fbcc0204c4348b43

SHA1
5b5a10f5bde97df3cca393c688b6dc5deeb68200

SHA256
24cbde48342ae221d03a8f01bb4e67d2ba9be155cefb111b6842c137a6ce7162

SHA512
c4c3eef90e86d38305ceaf9a30a48c33c489611306548c49292f932cf41abaea763240b2bef9fe3e16bc20b54a98edc313ad05c40ac5e5484d76feb53857e351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1092-136-0x00007FFAD97A0000-0x00007FFAD97A1000-memory.dmp

Filesize
4KB

Download
memory/3828-160-0x00007FFAD90D0000-0x00007FFAD90D1000-memory.dmp

Filesize
4KB

Download
memory/3828-161-0x00007FFAD8D70000-0x00007FFAD8D71000-memory.dmp

Filesize
4KB

Download
memory/5500-709-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-715-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-714-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-717-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-716-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-719-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-718-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-720-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-710-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download
memory/5500-708-0x0000024D837F0000-0x0000024D837F1000-memory.dmp

Filesize
4KB

Download