hxxp://url2564[.]mytmssystem[.]com/ls/click?upn=LnJpo41adq-2B2mLEdxRTFxaIavI7yADyRMyy3lOjFp42NrTmA88DWDLVYYfFvUqplpYrglACqVIgFkWjf7JTGdEEY7bavUf6JXar5pbj9N4fcbZGut5CL0UZNUJatY69UP5PNY-2F4xI6b3t6mEZqDkMBahrcAwEg3Y9dipQQ80ejS8rnE0uua-2BRCQT8EpmKZqzh5cm4a-2BUt9ISzMvY3jpi0-2B8Pqpgs4CE8z1AD2Sr-2B5I54UtyCqMkNhD8-2BqS3l53cwrukUubBn85N61fDUObbNqndu47pVH0-2B0k6OOpAcofe-2B4JWvKe33Jo-2F2Oa08U7Kz0tq7C3VtGLQOihunTpb5K8HAOvkXhrNt3-2BLE9mkl0uMd0YMpjadA-2Fvq9KmP-2FALJHm4MUw1xvF1M2djFiWuUhSVeM61Gcb-2FsI4iM-2F-2FDpZiH7b4sfm1cqmQi4Fhm9YOTrK9ewcgxyQGbrNi-2FScUbEokXg-3D-3D3ZzO_99UobnkL2iE-2FkjnaVLOx-2BUomW7EVCgbtRW0adXZ4x3KkZGFCGPU4QTn2ht63LnHA-2FsvhFjtGm0TJ-2B1wpfhn1nCN6d-2BcKoh7weqOMl1ieizZT8wIU5lDFKqJPJRSedeDmbLkpV1jUT2ociTlE49Js-2FsR6myjO1n83Ux69GRq1b0ECfht-2FFSB7PAebAjL8zMmYCMIGj3LVjy18g1MyRKBJ6q4uyYGnlqQsPB3QfvEn0TR7RdmJQ4taNouTq118cEUZwa6KwwoQ-2BIQ19OqCAGomCg-2BfH-2B7ZRsQkwTJXJ6Tm4jgW5Ed0v4LYW2hJrkFfSa5B

Analysis

max time kernel
45s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2023 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://url2564.mytmssystem.com/ls/click?upn=LnJpo41adq-2B2mLEdxRTFxaIavI7yADyRMyy3lOjFp42NrTmA88DWDLVYYfFvUqplpYrglACqVIgFkWjf7JTGdEEY7bavUf6JXar5pbj9N4fcbZGut5CL0UZNUJatY69UP5PNY-2F4xI6b3t6mEZqDkMBahrcAwEg3Y9dipQQ80ejS8rnE0uua-2BRCQT8EpmKZqzh5cm4a-2BUt9ISzMvY3jpi0-2B8Pqpgs4CE8z1AD2Sr-2B5I54UtyCqMkNhD8-2BqS3l53cwrukUubBn85N61fDUObbNqndu47pVH0-2B0k6OOpAcofe-2B4JWvKe33Jo-2F2Oa08U7Kz0tq7C3VtGLQOihunTpb5K8HAOvkXhrNt3-2BLE9mkl0uMd0YMpjadA-2Fvq9KmP-2FALJHm4MUw1xvF1M2djFiWuUhSVeM61Gcb-2FsI4iM-2F-2FDpZiH7b4sfm1cqmQi4Fhm9YOTrK9ewcgxyQGbrNi-2FScUbEokXg-3D-3D3ZzO_99UobnkL2iE-2FkjnaVLOx-2BUomW7EVCgbtRW0adXZ4x3KkZGFCGPU4QTn2ht63LnHA-2FsvhFjtGm0TJ-2B1wpfhn1nCN6d-2BcKoh7weqOMl1ieizZT8wIU5lDFKqJPJRSedeDmbLkpV1jUT2ociTlE49Js-2FsR6myjO1n83Ux69GRq1b0ECfht-2FFSB7PAebAjL8zMmYCMIGj3LVjy18g1MyRKBJ6q4uyYGnlqQsPB3QfvEn0TR7RdmJQ4taNouTq118cEUZwa6KwwoQ-2BIQ19OqCAGomCg-2BfH-2B7ZRsQkwTJXJ6Tm4jgW5Ed0v4LYW2hJrkFfSa5B

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232022214515584"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
852	chrome.exe
852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1688	852	chrome.exe	85
PID 852 wrote to memory of 1688	852	chrome.exe	85
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 1672	852	chrome.exe	87
PID 852 wrote to memory of 2908	852	chrome.exe	88
PID 852 wrote to memory of 2908	852	chrome.exe	88
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89
PID 852 wrote to memory of 3964	852	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://url2564.mytmssystem.com/ls/click?upn=LnJpo41adq-2B2mLEdxRTFxaIavI7yADyRMyy3lOjFp42NrTmA88DWDLVYYfFvUqplpYrglACqVIgFkWjf7JTGdEEY7bavUf6JXar5pbj9N4fcbZGut5CL0UZNUJatY69UP5PNY-2F4xI6b3t6mEZqDkMBahrcAwEg3Y9dipQQ80ejS8rnE0uua-2BRCQT8EpmKZqzh5cm4a-2BUt9ISzMvY3jpi0-2B8Pqpgs4CE8z1AD2Sr-2B5I54UtyCqMkNhD8-2BqS3l53cwrukUubBn85N61fDUObbNqndu47pVH0-2B0k6OOpAcofe-2B4JWvKe33Jo-2F2Oa08U7Kz0tq7C3VtGLQOihunTpb5K8HAOvkXhrNt3-2BLE9mkl0uMd0YMpjadA-2Fvq9KmP-2FALJHm4MUw1xvF1M2djFiWuUhSVeM61Gcb-2FsI4iM-2F-2FDpZiH7b4sfm1cqmQi4Fhm9YOTrK9ewcgxyQGbrNi-2FScUbEokXg-3D-3D3ZzO_99UobnkL2iE-2FkjnaVLOx-2BUomW7EVCgbtRW0adXZ4x3KkZGFCGPU4QTn2ht63LnHA-2FsvhFjtGm0TJ-2B1wpfhn1nCN6d-2BcKoh7weqOMl1ieizZT8wIU5lDFKqJPJRSedeDmbLkpV1jUT2ociTlE49Js-2FsR6myjO1n83Ux69GRq1b0ECfht-2FFSB7PAebAjL8zMmYCMIGj3LVjy18g1MyRKBJ6q4uyYGnlqQsPB3QfvEn0TR7RdmJQ4taNouTq118cEUZwa6KwwoQ-2BIQ19OqCAGomCg-2BfH-2B7ZRsQkwTJXJ6Tm4jgW5Ed0v4LYW2hJrkFfSa5B
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd46759758,0x7ffd46759768,0x7ffd46759778
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:2
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5192 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5280 --field-trial-handle=1832,i,458988570180405844,14393867663622843936,131072 /prefetch:1
  2⤵
  PID:1300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
9c6aa4bb8f008216f44dede1526b2088

SHA1
1546d908a1e3a1769672f38ebb45c8d4a538fb43

SHA256
d28e5e73a97bb86ab4056765fc783e947e0c9e3b7547b559c1657e3121227420

SHA512
6e97b6b728196035df2a07f03c5b67aeaca9b32437f999d195280dbd164697ccfde3c1003a57f92662b48910d466de8ca0df35f3481e6a486aa5e072716c6d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
9d0596226c185c34df27415a8dd805c8

SHA1
91b94b533b018e31957565c9a78c2c986f3ad3b1

SHA256
81fc35f2a7876864c2b541e34a1557fcf7aea2ef98a04e8f721528b680018c7e

SHA512
0fb0eb41e6a1483d62ae3337b42c3fe74e72dff52e453b23fc351663168ad38d13c9d62e6abe121c612b38fb1844f13a76c255b8407416e86e93147d4a6f9349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0696e88a9ffce539e66a649f32256dfb

SHA1
6f42dd530ba837b4b6dd83c6133db1c9d29d5540

SHA256
c2331ac497531c2a195f7d435dd173e2e3e944cf640eec317c2043ad0c90e187

SHA512
c66c3ad401282dbe8e7582eb2ac1f99bb5be73081c4302e33f062a8702a6721a849ed65a0a472c82f45f778d021bccfbd54eb166e8f5d66b723fa290e258687e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0abd6724c9fa43ad34b49ca648d48949

SHA1
ab1f50b76931dd7658d517fb7838925fef1144b7

SHA256
50ea13a69258dec94994642e1755542d40bb072e1299bbec9eae9bb431d09a6c

SHA512
31b7e4bf3b06fbfa5b6bea7f4b46b1b96aa5742c39c4977ee0927d40623e3097653c7a65652839d13e5d2bab02c58135b6cbaecb8147bfb26687383361d6ec5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe40a566-9b09-4637-b229-a72933fa23c3.tmp

Filesize
8KB

MD5
58b4a4c0c4b012d407c1c5921c9d6d60

SHA1
7ab433cf03770b9a62ac1adeb1e60c4520871c0d

SHA256
54701256de47f9e199cbda40a7bea7b645effe5d3a3b702cc08a17b4b338e9b6

SHA512
ecd869328b9a638a15d1161be99f0340a1f53c398703d239907ec55354c6910e1cba677c7511d26a26e0583728dd8d35a0bed7f86470a3d1a9e966443b59290f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
d514ee6e17bcece24d4d0339bf1bc683

SHA1
927403284e66502690e61ab1aff5201e8e57b821

SHA256
45f6a078e0a1e81875b30a46a3857426a5b2a7522047723a61f2c09b8c447f94

SHA512
0a47dbf2a04e542e7397bff6299cb00080125fabd1647cddbc2ad5a90eacbe43a909b79e3e47da67089e58df895f4a92ffede34387190309d1905d521b38b393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit