hxxp://164[.]92[.]143[.]229

Analysis

max time kernel
299s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://164.92.143.229

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342580795775796"	chrome.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
3996	PING.EXE
4740	PING.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe
Token: SeShutdownPrivilege	312	chrome.exe
Token: SeCreatePagefilePrivilege	312	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe
312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 312 wrote to memory of 2296	312	chrome.exe	40
PID 312 wrote to memory of 2296	312	chrome.exe	40
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 1516	312	chrome.exe	88
PID 312 wrote to memory of 2448	312	chrome.exe	89
PID 312 wrote to memory of 2448	312	chrome.exe	89
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90
PID 312 wrote to memory of 2724	312	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://164.92.143.229
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98ab59758,0x7ff98ab59768,0x7ff98ab59778
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:2
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2960 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4592 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1876 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4540 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5124 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1620 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2936 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5156 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3580 --field-trial-handle=1868,i,15385958805118375881,4300158320421773869,131072 /prefetch:1
  2⤵
  PID:5048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2108

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3100
- C:\Windows\system32\PING.EXE
  ping -a 164.92.143.229
  2⤵
  - Runs ping.exe
  PID:3996
- C:\Windows\system32\PING.EXE
  ping -a 44.192.193.227
  2⤵
  - Runs ping.exe
  PID:4740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c61ff19ef2c239a0cd1d7331a72bf220

SHA1
9f3d7a9b22f50ffe2bc2291c45d376163ee0db43

SHA256
58d56bfc4835c12635a31c34250111e3b4afdd3d9bfe84c51d7f7095dba2ec9e

SHA512
7ee7b11392665202056d6db2690383438669d32ba031c4d6c7432cdc17db696e9e67007158485ac8b15ecd808178dcd0910079372425898563302cf07b981cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2d926c88a665c6ad141678331adb470c

SHA1
532eec3d05596ae5780cd421c8dd42e83229621b

SHA256
f1fe8ccf2b7f08193c1fe8a6c4dd2a046060645cdf12d8d3bb9b66d43964b955

SHA512
a4c2d60308756b24d4db3f27dc176ffc49e3339b3d07779d3aa9d28c19f595b965ed8f0944c4b25368c0204533379750a5a44522f9c519e79a2428c2c335f181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
79ac8e56f6f64672a61abaf1b7678a27

SHA1
6dc50c6e510c0c66986b4cc26fc00a72a151347e

SHA256
cda9600c97df1b9a763697fbe1934708b003242b170e3db6e47a51a4a3cf9969

SHA512
7482b54643b3e0a4b365f2974ffa07fa49d427795b37f4558c6abc7169f7f2a60018c9a436d587f14230d4d4b42c6a133b6268e40ee875ced303fa2c5c60dfad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb3057afefd7d10bb6c37b8c8d3c546a

SHA1
fa13d25386d91fb636b76bfa01d308244e8f8b0e

SHA256
fc91ad37f2f21b27425c4ea3d3a72e81afd8f3848712ad26e8edbeeca4504da3

SHA512
28fe10bfc81dd21cc0a41a86fa667b5d46371710ec3a89a8e54273c35cdf9843423620b07fbb4c32a531508f699a03f4155ce2101027b5b55005390c39540c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1a84b9d0b93ec2b89652e8cafbc05bd

SHA1
ed83b847cb12206a90bb1b01601d250b3b729a25

SHA256
32bdd0028bcbc0937124dca926fb530d7b8420961ba8f42e6a2c57992c7f30ce

SHA512
ed1dcac7959c1aa47c7f09d14b6938195dac702568bbde56346fb7e347036d12dbcf404dffc86512745586f1deb011dc7e516e3e92a0692b90a9019c865871dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d680ee1ba6286d58518cd3a4cbdc031e

SHA1
7132e3c52c79e63282047baea1949adf5d0fd58f

SHA256
85b5142e8d757616893cbe0f7d5cc54a643afa00cbbbcf3aac18389f8e3de128

SHA512
fd398aa4fa0ad1e859b674887accf9a9782289e43527224c4888d8183067a9889fe73817653aebcd0fb028caba71b5933275bd60a5dc775bce7f768b658267fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
7e1798c0d3cd46e686384ea28827e886

SHA1
23a15c720a5fc20d6f49d3c0f5ad92d5f1381020

SHA256
b039d9925d5d77a8b711da2e70850a7afda5fbb1bf1a1c4fdc60f0389ff9e79e

SHA512
46ce4a3d263e3a8e26cb194e50e608172401517e43ec44ce805da713bb1a8e15c750b1c801cd4f2fd2b22a243d1a9c8f1de141ddcf76dfaa0aa50683013cb09a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
6405b7c994516680e07b3986bc9c5025

SHA1
38a390bf77dd1b49939962006224eca049af7c0f

SHA256
fa8748039999e1838a4231d025a955bee0c18ccd19a84529401fe31e656bddb2

SHA512
2b6b1ebd0c16baa7e7bf0d68937b0fca2f1e8f47cb4a347fe5101e816e983897f706a411d5994daf98670909bc7ff5cdb9720858eb36d7c8ab21dc0d1bbc64c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2960a67c45844495dc365658c3cba278

SHA1
f59a727ba62f87cfcf5d58e5398d49cca8804ae0

SHA256
3b1c5f89d1f8b4f71a52f24c500c4a9e20c211daa2b2af80624e874c03d2fc99

SHA512
099e8aa19b28544f1024a6361913c85fc48f5160457d7f885b3314cf9e79c6fc6474bee9a3fe5c524d7dd77deed4afefd3e2620efc770694a25d95825e98c0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
491c62a28fb5335dea9d09d84a6dd42e

SHA1
7e7b247e0487bce7fb30b2abd2451bb7bf78d44e

SHA256
1a67c7d93844c7e327de3af63c6ecc45aaf695a31a020606bb6a6978b1cf9260

SHA512
dc22797b3650e5648931f7a64807de7eb08e44c5648b6a362d997a3cc6a7ea6fe0c78ffd0aff41fc51e623288452227dbec02e25d31348aa640de3e8563893d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
b19e5a6ba7129ba3541c097a4973a19a

SHA1
c7c05ff6db46a4e3b9d7ebe21c14cf49f4bfca2f

SHA256
00f80bbeef84e7779739d05e232cb677bdac65acb673d1e9193d1add705f426d

SHA512
b50a7db46989b1f9fbb0d87acc39c2464807e071095c49a7049a9c391b43c57ea78f66a52521d0112016b0b01518a9b5dfd0d464d5882cd3aa3029b9c0cceb96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587a1d.TMP

Filesize
97KB

MD5
ff66ccaf013dc78c9d570fc448dd4680

SHA1
c76540994f45c022320e337cc9988cd761b09a13

SHA256
709590348f8adb3b833773af7b918e9893306c9559f366e5786b771494527c28

SHA512
883f93d6f2e8ec3f691e99c457b712bf6f006ad5623eb55bc214adafc28b02956891fed98cf3496317cdd6f940527929b3358c0db41e09407525062ff63f2a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit