hxxp://familybusiness[.]net

Analysis

max time kernel
301s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 14:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://familybusiness.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343377649897192"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 408	2336	chrome.exe	28
PID 2336 wrote to memory of 408	2336	chrome.exe	28
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 3124	2336	chrome.exe	91
PID 2336 wrote to memory of 1320	2336	chrome.exe	87
PID 2336 wrote to memory of 1320	2336	chrome.exe	87
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88
PID 2336 wrote to memory of 1780	2336	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://familybusiness.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd30489758,0x7ffd30489768,0x7ffd30489778
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4724 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5356 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5432 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5740 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5764 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6124 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5800 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6416 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5964 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5504 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6068 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6264 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 --field-trial-handle=1880,i,10233623342721404271,6427670573037753843,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
171KB

MD5
92f0bb21de86c6c660bb835f40365184

SHA1
ee7dfcc9328ad0560e1d9fd6a035b8efdae3d7be

SHA256
3eaea657e2d8557cc8e98102697e4fb358abfe10b4d95f8dd5cafd1585a2df82

SHA512
f52731ff5972853ab4cf84edb84e18373656f77a3ca1054de48ffffbf452f77e930e5d15e1c6ed0268ffc6bc5651a5c754d237c86f73e40e4848b0f57c91d1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
44bb9ef108b1e4b794990f9d02cc83c4

SHA1
84812ab8b2b1e8e44805a8d93b46458ddb61831d

SHA256
a77eb70278677df4d470abbb53cece2cd634eefb2be9762f122f3bade6cbb5e3

SHA512
a8dd13a53628f80238b7f6bdee50d6aa615516eac7d6e9461642211726264463ac58a1e3d5d2ecf971a9767b05ca581b6a075887d9bef0a7edbf0947b77ad84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
306800c1f16783b1fbbb3962bfa5d3e4

SHA1
85782ab251c6087ce3f5452694e360cd51734c3f

SHA256
ef038c3e39938a65c3fe1cdf6a70775678223c11e5f723d1e409a64838bb9ce8

SHA512
ddd8102d10923d73822f0f9b868d6ae6e534abb8380eda36ad6dcadc7d1d347475b37c059a37b19c263614f8bf691857b33fbd26bee6c22f57d774be65f6ad44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d86d6968c3e50211943c25f9be5937bc

SHA1
c370238c8d6b77b6a3a529ff334afcfca8029881

SHA256
d0add8affca71e5ac9e0f884528b5f970ffcb80113c7c61d70b5881d9568c7b3

SHA512
9a037a9abc5f41ad1e204efb46e17ebf594dc95c7761d97260461056bd54214bdb16c2fdbc6697bc54170fcce318e15cef4cbdd1c62e6b268f37247d7d385175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c4e0877e9169742adb2fec2505cffefe

SHA1
c9bf3f3db08f358aedd72e0b915e75fffc11d5b3

SHA256
2a945dd4282c30ff224696a9a9a35b9d29b09c9ebce6cb6d10b01247a9a6057e

SHA512
94333d7f810a5f3ffcc7c95b95dfd023eb1dd4a223831a303647310bf98b0ebeac4c1b4404ab82c79b3492e82a332fae5deedef108dcb97274d01d37c863362a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7009647c33617174c23d35c5951e3845

SHA1
a39ee86f9349d9e976fa219f96cda6ec97c1f303

SHA256
58a8e020d0835425498e3f036d37b268d372aa0d4d1bd3e532810a8be0f1a628

SHA512
5ee9b6c4a4cb7c67f1579b1a13efc816af8be89374fff35738c7fc556fc501fa1089bc400086dd3015ce2787b391611803c0954ad6299ca54b6599310e0b5e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f9cba13cb00ed1f49d988a4eb8550d9

SHA1
cb2f617d14b42b49e8537d25ccebf476815bcc27

SHA256
32505ed2be62ee0a4c2431053e366edea35c533c0933e8fbfed5687bdac9453d

SHA512
470145acad0fe939b2a4c011f0a1864bf92d28bff91b1715521f4ab84d26438172f67f38d5d9abf240a4827b4b8ba12b7b6b97145df814cf79196ae42bd7dd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3195a0d8a04114f45770af2f03aa821

SHA1
ebd19d14e67915ce6235ecdfea7827ce3f359b6b

SHA256
c8d0526b272e77134ff046f90ca60f2ca4c45edf6297adc31ddb0f0b68e757aa

SHA512
e1196b4b22050e921821ac053f6f7dc6ca3f2c195ec81d7c8b72fdd538520295c5ee073a52aebb367a29d62ec6db05e5006f113022acadd1cda6f1d176768fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d137dab6bc352b724ea1ae14c1d9965

SHA1
4a2fcb37c4ee0d7b9eed5637861e88fd6c368c8b

SHA256
d2d673c4732742147bef8369251d503c45af76dd1bb6556c9359b2a88b4653c2

SHA512
4147995bf2853065ffdbb066415120b3e5e12724e5d67175788ba5fbbba4bbdcb8f2c639bfc2d9a9cdfd7cd23cedf86262c25057e25a080225fa1184df4eea6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
06e1e26fd4e7bd76f3491f66bf484e9d

SHA1
4af70547623ec89f01a175597cd696dad7966492

SHA256
b1b93ffb6025ea067b5e6dcab716a76843ef1f916f2438ed23a26e303afa0f31

SHA512
88da8c31e8bb29914d49cba1b6bedb226c380e79b63a8c1360ce283a3d14dbfe690e0b40aa720c9c3b34fa0c97a197438262f22ecd39b83244783cb8cde76536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
69f31dfefd636ba8b610a5f0a5b254f1

SHA1
ff4138ec9069f025acc3688087b7f454552aae13

SHA256
72059b4cb44ae55e8739b66261dff72e9fedf643b0efbb2e3f2ea61ab3ad5ba0

SHA512
37ff40e2daf6c97a90b35ce56a7bec2f1ec5f2a62a6d9ea8933a596c65ddbc840cd8c8d18b447f50f69c55722ad3c7c6e1a711db3149957b9082464c91ec1868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
aa05baf4da92daf51f778a632a8c7690

SHA1
52a8673951df34d77feade1e1c81ad20b85a1813

SHA256
ce2b21d58b92e61ef938c5a748157e1c9e4139f6b34d52ec6b8c465d6d8f6783

SHA512
70d678f2ae8a23dc7a6bed2ec10351bcc87fc95a04b09d83dfd6b9db3413ca474b8ab54cae4cb786e31e96c91e60c091073cd631c4b8ecde597986a7644041fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586a4e.TMP

Filesize
48B

MD5
1a9f7b1bee84f713fab2d49d6a9caaf6

SHA1
e7e9d574a3e54bd3560116b811530636987d7c9d

SHA256
a2633a047f99daec8ef00cd776279c7e71669916989bf7f56721cff3f4acb58a

SHA512
dc261c4789a816fa86acc7ba2f1185138e401b795be9378f456165448e50b4cfffe718d94a9b723871a071069455a0e43a1c1d93d50d43d62f3f9f18019633b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
41c366f4c3f8dc7210bbb335d3c9db8c

SHA1
d041f8d51786f1f21cbf63413333b8f645584904

SHA256
a84118f974bb1bdbe1802a0250139ee1995b57aa7fcf835bb2975df17f6d91f8

SHA512
4076d0e719967a146c5699fd9ddffc6091dce86e8044e469903192535e8c59a4ab09705d2c0720ae646a8cd18a7467ad3c1dbade195b0d80b6f831d05119630c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d960264f7d3e63c34d28e40887425384

SHA1
abe3a30c27fb1ffbd7965b29fc04a10201f4b5e1

SHA256
3cd6b569e88ac42db5bff7b21b768035e12e0ecae65975680d429b89de7a305d

SHA512
b918016bd7483564a5481787d9b06e7d458152f8487f2e300b27f8bd5dac50279d6c198653ea6c3b2133bf23f1afc57bd6be12f0d6a1a8f6e90422c1bc4dd8ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
94fb163e61dabbffe2e4e941e1adae27

SHA1
90d07fe75e61440e1ba8a417454aa4d971fdd05a

SHA256
2a6425d28e1806987069bc1cdb024bb0bd96bfc4f365eea9a1040b3185bcd8c4

SHA512
f1474678196d0123590bca77a22b65822ad2c5d681136c636a1ee49c7c4e945608d21c1af7317feb3a47d3306ecc7dda3e077d0cd3e49b01624ab726989cb53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit