hxxps://www[.]dropbox[.]com/l/scl/AAAAezvdotCIfzv2u4t7_MbOK8OIGfSE_w4

Resubmissions

10/07/2023, 10:14

230710-l9y88shg47 6

10/07/2023, 10:10

230710-l7szfahg42 6

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AAAAezvdotCIfzv2u4t7_MbOK8OIGfSE_w4

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133334574689163044"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{CBCCF571-6D5B-4954-913E-01271786B70C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
3852	chrome.exe
3852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe
Token: SeShutdownPrivilege	760	chrome.exe
Token: SeCreatePagefilePrivilege	760	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe
760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 4448	760	chrome.exe	56
PID 760 wrote to memory of 4448	760	chrome.exe	56
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 348	760	chrome.exe	91
PID 760 wrote to memory of 4196	760	chrome.exe	86
PID 760 wrote to memory of 4196	760	chrome.exe	86
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87
PID 760 wrote to memory of 1544	760	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.dropbox.com/l/scl/AAAAezvdotCIfzv2u4t7_MbOK8OIGfSE_w4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940699758,0x7ff940699768,0x7ff940699778
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:2
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4632 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5140 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1000 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4048 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1684 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5376 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5044 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2876 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6280 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2372 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5988 --field-trial-handle=1920,i,5203083342876295541,11635931255463520883,131072 /prefetch:1
  2⤵
  PID:1296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
33KB

MD5
729179f3a9e95b0c5e9521c2b79db6f6

SHA1
00d0de1fda32cda2db24d3d9a945f9b563548440

SHA256
f5ed552c988f6204c099d51336fdf935486247404e5708c05cf996a10a8743e4

SHA512
08e8a3328c41a174d70f20ae1e592eb3d211daf7b4cb020053788a03279e8be248e6d7f02f6a98f31f9553b98d64cd9688c9f598c51ab8a816a80c9548129e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
40KB

MD5
d51382d81d441043d94ee30506fcb448

SHA1
335055e2b33fd0d700d0a6c676dea622b214f812

SHA256
48ad0cfa4706b5922e71274a5771561731444ea272a897487c7d6d4521771b44

SHA512
c81ebb472f4233c4b335dc8d7472465b5517e178b21dbe7326923ab15f120b1e880e71e0bc1882119da34d4abc9fa23464ccf973beebea676072727c67d67491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
27KB

MD5
99e8df015d6f10b0ec76e3468f9127dc

SHA1
ea2ae2a7e604106629c9b65f0108275536e0afcc

SHA256
f6de246bc87af00e1cdbd29a5a7be168554d2031515f904dd4022c48c21654a1

SHA512
201b4e7fa9406635a72bd6668affe1260a8a9ef6c7cd7ff3c2245e52f7cd00d2d8f55ee22e09eeb3e663c4ba7926770b7ba0c40cab4e08dd2f0e487c031dad59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
23KB

MD5
da8336dd18fa556eecb1759e20dedcfa

SHA1
a0065e875115cc2d9d8eba8c39cd03fc65388140

SHA256
6b6d91caf4ad48e30170cdff651362fb352c136179b60f9ae4360e98a49766ff

SHA512
f35a935ce6fbea825c297896a8d6c79ad64667f5b9d6b945f0a90e82aa19a66fadf57008377e5a0bc448e350ebc0aec1b78a5c782a117989630c5121487af09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
18KB

MD5
a752feb144d4fc153f7fbd92e681256f

SHA1
0ebe1731dbd6c6c21e05e6adf8143da03b9f4c3b

SHA256
b5ee8bff1fd83bd0a82b6b4cad3e61af9a4492506f7ac472d05e5425406ad8bb

SHA512
5c5a8941bf06c2e4f505c5b0991563e6e7d38b1e304a68a0ee0bf24e3b690e7c0ee81475bfe26dff1af02017806e57f2625773d60015851862264fba241170d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
116KB

MD5
6d17604f63157a6e994126d36bb00247

SHA1
ecf738e8287453d71aa6ac9366a1344f6c19533c

SHA256
46e7cd3f67d830ee12f6200eb10f6b84119a092234d3f8ffd2486e97925f1b3f

SHA512
c5697c56e7c5aea5f6b60074460afd193620fd07328683a40c94bf359fce75b917b2af09ca9abc3373c2eb4791ef287a1462148cef8930d36649b8ec6def4083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
53KB

MD5
ebee194a9b773f166dc16096f8614aaa

SHA1
9d6a893af295c90e9e9792d7e54a80034192255b

SHA256
00f90db31f42975fcdc5fa1f70660568be68792ec11be2aac36362f435a6e555

SHA512
b1e67f381c8266ff60e09cccba6cb17fe0df4cc8d373e15f20f14b6e8c2f6bab4c0e91163e57c3c2f4593ac23512a43b2129caba1945870be4493d1def2ddcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
53KB

MD5
237aad684514b77165115300a45fa3af

SHA1
2d42d9fb68a83c98693a0d966d229f5dbc3d3a72

SHA256
40d852f2a2082060963bf762ef7e69a938d0b8acf3885de575594c197e6f16d8

SHA512
731b5cd8237997f2b6e2fd99bc95456e6d0d6881a3ab90a243e76c2f825635798a9c6641207ddb59b217a16449f8868035b612dcea0ed331f9822c18ae68a185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d0a470f5d81885ce37fab4d7a0f10ae

SHA1
7d4901bab6051a22378fde6b6d99236b0ac89e1d

SHA256
c6ac6baa64d10d86e1c1239128041984586d5b425530ae9bfc3135a7fad70a62

SHA512
d18b443d2d008b5980bea1fc200e43074c2a54dc232ba5e8277f37e005469620695cb3a6b47b894c60d6fed922baa13781ac440408111e45fdddb8a599e2edcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_usersurvey.dropbox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ef95cab0adc51b033f33e869b9f57930

SHA1
b7fa6b4b3d918c870f500d5ee67429155449e002

SHA256
7c23d9254b912661a07166bda190f6290cc0756481a2f846ebd3c05834d1686d

SHA512
44f2c5c09d13300dfcef47e7974eedeceaa3b502a6d163e926d9ac64090683597a84b3e12716bb6f4008184ca93e55a9871d89ad468151f1ab25f012c1569506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
79f9a88d6ab38d31b699227db62f38e0

SHA1
567a72f330e29368efff7b168b8602865d6b7daf

SHA256
e3f83e42ac8b131d6e9461579d3c7f1eb67101056de4cab56e2af84511a32683

SHA512
952025c7b6433d55e77660629da59a8e419c1da4b758f03f1b5a34f223612095a55355e0d9fe4c05deeda69dbed887f881762e97b5c85d9fd119124f7abd580d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
3533d8b3fbef584c5b3722a9e7b8debc

SHA1
9b5f4865ddf4866a1f385cd5632b765554b95304

SHA256
785b123b1addfb36977e61e5fc77983031d00617eadbb17c384183db0282d403

SHA512
f4a059df5391906c7468f536667d8fd981a12b8ab3ad9e86675260b261561c746a7415cdb1dea15d49fbce0d248b3ae1e1368f7509c1f8c62cce137ab1628086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e98f597a8927926644039af68cb3f862

SHA1
4429ee0b2bfc0aaf8be91faaaa175c5bc7620b1f

SHA256
b5192f930a330a451c0dafb85a6c693333aa9d5ca827723a5008d34106fd8b5d

SHA512
2c8cf491e1acd0b49d4ba256ee5fc0912232e07f9629daf8159ce1c54c4208aa7efeba3b6134b99a541c7e9cc75810eea85862b1c08018d872ab965c1d0ac860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f001e0284ce0e03080efdb22935dd357

SHA1
acb8e108f02a26a7f0d6284d358349fbc236e949

SHA256
07b6b85368d64087037597748193a68bf5d973e5b3d7b0d58ec6779800515cb0

SHA512
3779953dd4b8a1cd9f971b92c67bc108cdffce16b1459b6a6698ff4f01a48765960ad5d38397a024f9813068e60eff947ee2e824804515b353a30ef215bec881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9eed64aeb94aba35ded34a70ebae9300

SHA1
b55f873a15bee5388e1dd7affc3940fae8e5d46b

SHA256
d8c4e75881f81c3ef14fc0efa6c521bcce412fe52a39e5a6c93b8e79f1aaf474

SHA512
b7be3e8bc1abae47f4d669e15b070e7b0026d12e0a2b1d7ba3596fd278d015ae9d41a604eeaf3ec96c943650722ef11332f96353c89aec7f971dba1577d1d637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ed1b86f450b400f188bca1d81957e742

SHA1
f6c909117c3487a3383baf5d2db580385a83479b

SHA256
861b6c2b83243ee3768bd4803563859605c4968947061ccf2dae8919ab94145f

SHA512
f08b3fb10d54569e8ed6dc8b7def84f173bb640046c9de05e97f45ad2d7097196b7742f905a3fe385bc3a4b469b201acd16ee625503bc0c9a5b5a3e77d773006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
00f7230efa27cf56b1f8d9ff7c3f8420

SHA1
a1163d7a8e45688963c14c78cc3a1594d9079df4

SHA256
a6c49519b557da6ae643e28380d0ba3941602734a1fdabdef64051958a84d9f7

SHA512
ec8741d5f3c82d4833256a3388a05e203b20f851beff6c371372c95477156449f9e976ddcea3060ca5cc404fbbf29aca187d01d2c1e133dc922956adf2095972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5ccb2568df32293b4523fd9c9466be3d

SHA1
358b8d6594da708011be1a2f268234d226451a57

SHA256
06382c3ff5600b3b90e6f0ffbada4f532e7534063ca97c89bb507e13b039f707

SHA512
f6bbdfc46415c4d0f29cdab55bee5a047643e63110ce5ab309d67e283ec41201d38bac3293aa991e59d62c7c57062f18756c5fb84fcbcda2ec2f016bc11c6fdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
07f18ed0a3b1c7a55bb2fddf9d32359d

SHA1
bdcb09752e99cc0c8433a212200dce35e8159440

SHA256
331580342221e7a63314085e8d54f7f8f4caec3f620e07bbd7fbb2b26d202c83

SHA512
e73ea89c2a59af8eb232571b101156f12ab51ef4ecd53a5db37a25531b895ec86daacdfa8cba75050b3bb75fc5efd33e74bd5ab3d7055f2f05a360b6cfb9d8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d102e4d8a94fcb5cad5e2f5a7ead2e3

SHA1
ae357fd78e19994bb0d24f69ebfcc495116463d5

SHA256
b2768f1209da3e29126a446e584ba3212a89e51899991ace128811c9b2548cf2

SHA512
8bb10b0c999082165862ec96634f71ff1c0d2ad2d37c8e99f693e1d0b988a1743627e276672b4f6b88a03f2551156257ff831b0af1580945e639d63e11859afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8529279ca5bdcd29390f6c49ac08c69

SHA1
4e24368197d882939194a7cc97e2f3f8b0ec3874

SHA256
153d7146214c15a874e492ddfdb280bd4943631255e732a87c9c6222c03a44ed

SHA512
b0cf0bc56e9ee8d1dbb13bfdc6de8dd94a3be7e3adc90fb3e83e0d6c30cb0d211e03434dc3f00de38f9789cb1c58259651c392cc5609af39997e74001814b854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0549c95db447008a2fad07994fd1477d

SHA1
8b9ace944f268fd9a8ce0f53ab8b4b61375f559e

SHA256
ce29d15bd7891d0bf3159cb64c0f39223b5935dbc4bf4dd2ed70f29c9cd39bf3

SHA512
c3ec75ad111fe16edfca18573c66fe12a852871c50595854f48aab60fb66be058ce0ab7d175c2aae87038e32a71019bb3fbfac6ea3a430c021c49ffe1608e388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e7cda360e90e4b830d3e44bcfa4b4409

SHA1
e676a7c978e1f307c8d935256754c68536014e44

SHA256
ab4043f262e758c0a39fba60fe62a8ab4cbe9e58e7207529a3a032d3d7c3bb27

SHA512
4c10c18b096c09aa08d33eb6e0e6ee7b4f11615d9f1734794f38c86e1a03fd474820e2ecda391f2556255061c0fc2b8fc38337a67952c55dd732e0f3776bc81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c6829d6a975bf66b4aec7a66413f8d2

SHA1
166eeda645c0887b771c5011a6f8ce79d6efb808

SHA256
e991d6d126232bd0a9e8d8142a30474be34d5be3d4aad441b35e9741addebc58

SHA512
bf13e155a11fbd91e628808350fefc5cfe8dd3140c78fc9bb4a1879e7a18cfa558366d6077ca9cd7eb1cdac8cd983dd87539a5b52f46e7935d1b489d610180bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf592e65d338cb55a082b1d0f049c333

SHA1
33b08ce31d11850c44cfc9a175b2570a3af412fc

SHA256
39397c394aecbcfe11eb3fc5e3071aa94e24e45d8e82a9325c738019165525cc

SHA512
1d64e8057f6494b13ea444fe98592fa9b00f95ae0d4e7e25425244340dd9769f5734f0a5f367fe460fe4afa5c562eb6cf7382c7d9417904e195a9d98180044f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1473c2d2e5c524e63b92239565c9ebc

SHA1
d7a63ef79d4df46308f08d3d858c0b03287d3734

SHA256
f1f805654d73b669cbdc3bcb1c0d8e385ab23808d4e2c05592ae3c2b138f8a9e

SHA512
573e39cc5e467f82d88cd20bf06931e096f11a215bb3d3b8ac2cadfd48ea4d620a517218f6495c15b050f606c6050b9135e18eead26b51d9303b0b8baaa8786e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4d3fe5ad6f2b87e3764d1aadc8c2f8b5

SHA1
85ee11aedf0e861803b246e696e8689f54a218d0

SHA256
0b299e40bebec0160b464dabfa4c8ef485392cbd5b9ab3b105e04290f21484b0

SHA512
b8961915db19e4604b5deb63c1c1bf317a0f3f0cbcd77ba4237ea28a145b36be535a6734c4b117ab320410c736d643a71259478dbdcec712162a52dd0aa452c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
1aa7dbc08fc1dec19e376d50aa1a4605

SHA1
6bba6bec68cb9be6563d984ec3478f0aee258437

SHA256
85a45482e7e69f38052704335a4fc1a52be70bc107ad2b2664b2b4023b264a84

SHA512
9279f13c841b0b2cc2a870251b21ae76190cc55477452fda9ecd776f1f2c8ed31faa8b2b81988f062265bcd16b2b61263d335c2e88a4efa679a8bc0ade10f3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
90258770d3de52ae81ee59eb3b9e65a9

SHA1
f4964ff39da56625540d9eb79c8364e51f8f4ea6

SHA256
4925ac96378b5b64d5606f07c44f454a956997011ee626c82a0b1aded1aae054

SHA512
daa8b3f689f7fc5cf9130f795e36f70c9a040ce782dbb31f3501a37478a588fe12256d36cf4038ca717da3934c839eb73e54a7af4969571d3bcc511a2d1b8fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit