hxxp://"cmd[.]exe" /C "powershell[.]exe "Get-ItemProperty 'HKLM[:]\software\VMware, Inc[.]\vcenter server' | select-object -ExpandProperty ProductVersion""

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2023, 06:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://"cmd.exe" /C "powershell.exe "Get-ItemProperty 'HKLM:\software\VMware, Inc.\vcenter server' | select-object -ExpandProperty ProductVersion""

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133224737664437196"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 3268	4152	chrome.exe	86
PID 4152 wrote to memory of 3268	4152	chrome.exe	86
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 4224	4152	chrome.exe	87
PID 4152 wrote to memory of 5024	4152	chrome.exe	88
PID 4152 wrote to memory of 5024	4152	chrome.exe	88
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90
PID 4152 wrote to memory of 1844	4152	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "http://"cmd.exe" /C "powershell.exe "Get-ItemProperty 'HKLM:\software\VMware, Inc.\vcenter server' | select-object -ExpandProperty ProductVersion"""
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ffacebb9758,0x7ffacebb9768,0x7ffacebb9778
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:2
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3440 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4628 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3216 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4876 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3052 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1600 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2476 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=220 --field-trial-handle=1788,i,8454775976944594783,7055061794054209551,131072 /prefetch:1
  2⤵
  PID:4616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c11ed559a148d9fbbefdef850ce79b35

SHA1
0dfc0570d76d5e0665107197ae445c4ae7781933

SHA256
9054c6716451ddc6251a35db96d7c6b9aadfd0c896abdd8a2e4a61a15f67e11d

SHA512
37ba4ca2c945445f7cdc4e313bfc2a7253556b5f20451a23ac29db48b62e6c614ebc52014d74e24a2645993eae26165324c8dc5d96f2e2b79d6d6ed4270bd5b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
80b3abdeb06efda858ee634c6ae4f317

SHA1
f2d94e3071508ec4dac7e79e8a3b20962c436234

SHA256
b654ce97090b706c3d4044e8f9ba6dbd36f8ae744c37f1d5da439e1dc1c78558

SHA512
ea96ea273164b8b034e67f78179ec4fab7ce5cde224724373d7c69626d1b124fdb439a845db2fa4d84e64341517e06618b36c68d8e206bf3c7bc7b7deb02f527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f669f3e743c484e2a3c2896e96194b92

SHA1
fa251672a05451ee04e43c4845b900a6d4286017

SHA256
aedbfd79fa8f8f5366a6a294f533138705e25ee2b218734817d26428e6376fb9

SHA512
80cd7ed482c044fda14b8743c2db2ea0c9b88d5b771f74d6f4c9625966878aaa9dc6e3fbdc1df71951f7894212f8d782523e4949dd57862fdc5ba51b990dc556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fc6d805b52392fd6794ae366070b653f

SHA1
a0e854173d64d1884ae2680eb08237706a43a293

SHA256
0c2d150dadb015517197a5f4a2f73f974c64da075121b6f32cca2832303e1c5d

SHA512
4c3c775f78df22ed55375ba7610fc6c126aa78b7124cd1b6fad82a8dc0cbd6ec2f26e302dfb88b676f39e41d38dcf8b82775585f5bc2c21cff64ed492b558115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2317dbed11e3a91822d12f6465b6a6a9

SHA1
0ed759716086233c409836a757f61d772570025e

SHA256
ea6c4ce79f29caa1818dd3c0dcf360bf4fac26e2d935e083ea71e5a3e766f957

SHA512
a5e9b0f815ad67f1fe595f2d97b4a980e78d4d499b81e3c65bfb623f7b80f3a117a30046c32beea0e6a95e52962c5e448f67ab14f21a16bc01f234eddbceb988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fd103075f6262b84db3192d5665ca492

SHA1
0c0d7d7abceb17e4dbcbc7c30c01bc060b32f68c

SHA256
6e4c501223535618bd56952abaf55f5869e463b7699c9a9bec86a5c3d20001ce

SHA512
a0d062aa3c8a9f97f3d2c753ab160b4c1ebf9381ca2c284e0a96bdfc1b81146f92b4afd17a89edb3512a2980eb3682624ddf26e5ff57d4a50c2988a43b39ebed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bc9a41917d37a56d078a1aa3425942aa

SHA1
23103abef80707f9cd90090e2fef83e5a1736a0c

SHA256
7ecf99eb4fca29f9903761e449fefd1b5b375e34f08e57ae7bb7b74b89f99b02

SHA512
4ee1d7db409350322f9c9823837997a495197f240cb2568e9e2cf3c568d48a90f23f042d02fc306a6442bdec0881810aa9a5e92d1a6f8f6e364f40de14402c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
1f2188f48627f452f5b3141c643ee700

SHA1
20b3650cae19af6f0076e531d8fb30f9bb2aa27f

SHA256
deb832aa7c45e0d4bc1af12198d00e86ec9df84a18f56977a13b8743dbe1bd5c

SHA512
9d3be5ff6f9871cb89d71eff25a3e1706a27436fc4f1568b48f4ac1dcb16e973d88a25f92b2db0f37b7e29454914e2280cd851fdb6bf9abc41821f5e10266f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
54c0cbb4586faa13575b9d82b8dd58d7

SHA1
71d9e7bfce6404490d7da172bece9047bab747d5

SHA256
6919f80bc28fe9f03519ed6af6e214a8d3bad501a1c2b64a04ae914ae7eee8b7

SHA512
f91951fee39270d251e7aeb9f4e23bdcede776df7b31c720140525a8e0e5a9f0215d747d10569c1b1ef8095ff4348491df160aa7aa1af8ba6820cf5fe8e82eb5

Download Submit
memory/3992-285-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-279-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-280-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-281-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-286-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-288-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-287-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-290-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-289-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/3992-291-0x0000019E01310000-0x0000019E01311000-memory.dmp

Filesize
4KB

Download
memory/4224-138-0x00007FFAEBB20000-0x00007FFAEBB21000-memory.dmp

Filesize
4KB

Download
memory/4764-207-0x00007FFAED230000-0x00007FFAED231000-memory.dmp

Filesize
4KB

Download
memory/4764-206-0x00007FFAECFE0000-0x00007FFAECFE1000-memory.dmp

Filesize
4KB

Download