hxxps://trk-mkt[.]tason[.]com/CheckNew[.]html?A8PI9b7HGs1iTtAv24GgKOcbPF6qT1ciHFyceyuPwSkG==&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2=&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2==&UE9TVF9JRD0yMDE4MTIxNDEwMDAxMTY1MzMwOQ==&VEM9MjAxODEyMjg=&S0lORD1D&Q0lEPTAwMg==&URL=hxxps://drlindawong[.]com/xzd/#YXJvYmxlc0B0ZGVjdWluc3VyYW5jZS5vcmc=

Analysis

max time kernel
150s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
23-03-2023 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk-mkt.tason.com/CheckNew.html?A8PI9b7HGs1iTtAv24GgKOcbPF6qT1ciHFyceyuPwSkG==&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2=&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2==&UE9TVF9JRD0yMDE4MTIxNDEwMDAxMTY1MzMwOQ==&VEM9MjAxODEyMjg=&S0lORD1D&Q0lEPTAwMg==&URL=https://drlindawong.com/xzd/#YXJvYmxlc0B0ZGVjdWluc3VyYW5jZS5vcmc=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240840556208760"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4536 chrome.exe
4536 chrome.exe
4536 chrome.exe
4536 chrome.exe
4908 chrome.exe
4908 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4536 chrome.exe
4536 chrome.exe
4536 chrome.exe
4536 chrome.exe
4536 chrome.exe
4536 chrome.exe
4536 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4536 wrote to memory of 2284	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 2284	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4812	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4796	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4796	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3616	4536	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://trk-mkt.tason.com/CheckNew.html?A8PI9b7HGs1iTtAv24GgKOcbPF6qT1ciHFyceyuPwSkG==&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2=&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2==&UE9TVF9JRD0yMDE4MTIxNDEwMDAxMTY1MzMwOQ==&VEM9MjAxODEyMjg=&S0lORD1D&Q0lEPTAwMg==&URL=https://drlindawong.com/xzd/#YXJvYmxlc0B0ZGVjdWluc3VyYW5jZS5vcmc=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x88,0xd8,0x7ffeb75a9758,0x7ffeb75a9768,0x7ffeb75a9778
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1352 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:2
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=296 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:8
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4928 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4532 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4344 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4516 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:1
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:8
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:8
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 --field-trial-handle=1912,i,16443343209827889016,510587555604291044,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4116

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
9347c3eb9a18419bf2f5547034d17d4d

SHA1
81962961db79c7dca03d09a33b4a45b95271efc1

SHA256
c634d979a306cb1eb7711233390a5276570e2b5b32d1f37105f12939f870a55e

SHA512
051df9ebbe839aa3330ff33c03e487531a0e58011f116ac8e3f5e2b2e20a6ee4eb365a672b47eb86d6ba6c75bb1b2e3579867e7ddd2972b3308497353e5a0c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
eebd577c7f96d2a1ec9d9a3e8c92c2d1

SHA1
8d26d557667fe02a43e5806622bb211796e1bcfb

SHA256
c0f4ba8516aff61be40800270f1576e79f1cc4b79f80eeaa3ae7c6d17f748aff

SHA512
c5bf89ec36bc8f978821071e9ac75a52a0fb37f58253cbeb3897ace66c2ff67b2b76a49c2e294a127296a5846dba01747799187d4626e05bc764c33e4af0ea88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
fa9419ca47447f70d739493e66813469

SHA1
c0f4cc047af528d473faa67edbd41ab7d3c3727a

SHA256
939213576799627cd148feb6de0d05f756f5cb3e8da37abb78b5d59ac7039efe

SHA512
e293c07a0cb9f39fd50c7829da9ddb40e313ac9e9b88d8024d6bff46b6d864e97d7c8030f1e7b54e85e609c38c6e13e71991c99873cec0465bd1ac21401e552b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
e6c611d607f608c26662a948689baa1b

SHA1
9229b341c78af03d942afb5dba39cf25bf7be838

SHA256
f8f8ccef88645cd0a57a6996d4ad202046564f4e46501f17521b92e78bc62279

SHA512
410efd9c10851164200387fbced36cac9da67cfd9c737a8dc603ac6b4996f48978c4cf6b0df198d14587235cec19b24e1db4dc054c64477b9339d403859eb434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b916c159def9318ea8129a8cc9c49796

SHA1
de920312b312253f1f1e505dd474b5af054c6228

SHA256
3fb86947cf9582bd9da03eb65686a389080a3cb6891dabeff0ec4268ce0f2805

SHA512
fa6b6a2fb42779fa4929252574f8230f5cd2a790a44b3702b64228fab468d4f4de0878a0e186ac998a82452baf63373be87e96a8bb6c4eaa3a0546ac00f88501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
147KB

MD5
bfefb9737918f262fa5b7c052b7fa2a5

SHA1
a45d1647074d6ba437ca9f7f37877fc694b768fd

SHA256
21202e6cf40107261a485f782dc8ba37f2412855fa32fc29bdfb75c76e166194

SHA512
08b447be1a89bcfb7977717b6ed68f4c863c332181a354a1afba61f07fd40f43236f9f2258bc0b4f4da6512656485481eca38c9e5216ea4bfd410e26ee1a0e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
d93fbe676dc9306a9670b4981ec5d802

SHA1
3e7bad045edb26d5a0ccc53b0dac7158f7b55cd0

SHA256
fda6f40c4b0257dffcf4517481d2a2e795530fb294bb3a3256aa74e980a470c3

SHA512
d4263d13fa5055613d0d5c25e1c5ddefc4c981a101a66fa8e653a0c2e589a36370598beb5ba3f714a18f2492ca0977240f4bc1048e40e6bc2fcf7db47e231505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
0ffd0fbc0196df15949a5ea0ac540852

SHA1
0383d180ea7b8217d9d0fc1c5e352a00617f3f43

SHA256
086bcc7fb153627e60b1f1c24a6b397371ce5ff61e070c18fc686e27e56e35e1

SHA512
30cc35e6a91afe5e283fb0cee44ce1269b1e732ebd3e906999a2b104aafa3efe8d36c8c9f26ca65a6a7d9fbcfdb9d0e5e1c6cc2cd888f0efc19ff1c3d006c599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
b33ea23bbf932aec4441321212c026b7

SHA1
0c6ba8329b5588cd59859ed1142f4f6f019a6053

SHA256
ca7105aaf99b55e05c19232bdc73cc216ea5dd4c815fc3184ed927870d544965

SHA512
e62ea7298f3196dfb7b23b5cf1d3d1b9bf1c773b18716fc9dd45ae9f8a5955bf3d79ff31cc3f1ab4f739e02aad79ff53ac2e5473c9b518b546cc8ca3baae56d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4536_BPHXZCPNHQSZESQO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit