hxxps://bento[.]me/interface

Analysis

max time kernel
299s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2023, 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bento.me/interface

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133413132208483752"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 1388	4584	chrome.exe	15
PID 4584 wrote to memory of 1388	4584	chrome.exe	15
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 1916	4584	chrome.exe	87
PID 4584 wrote to memory of 3876	4584	chrome.exe	88
PID 4584 wrote to memory of 3876	4584	chrome.exe	88
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89
PID 4584 wrote to memory of 3052	4584	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bento.me/interface
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983209758,0x7ff983209768,0x7ff983209778
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=384 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=880 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4928 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5608 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2680 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5304 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5852 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6052 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5172 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4896 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5996 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5032 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6084 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1896,i,4406133035392845869,14956890464934544358,131072 /prefetch:8
  2⤵
  PID:1696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x490
1⤵
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
cd37ab02cba5846f22f407bfb0101b5f

SHA1
f0aa6c8c5176d910862da0184d90d6456dfd300a

SHA256
6de45f42d3945651ad36e20753d0f46a2dc31a77d229c7b2d2dc4665a5b7a48e

SHA512
585d9f79ee1e8ed260062229639af118180146873c433377e0dd4dceae06b56aa986c661f71fd3e453a19508132ff1835a79c19fab977427797eb204a5558695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
810b1ae1cf256dab5c8e2820bf8e4003

SHA1
ce82fcb26a43cdc8a31bb8ee640d2f05db94d2f2

SHA256
c9d0081b48f0ffb516fd930e9b1203e921b7d6f0654e8e6fcefc785b37a4636e

SHA512
fcde1b6144be5bd32a3d3e1e40fe06e28eef78ac098d76ad047be4e540423a1adc04f52c45781af79e66b8175c7aa708ed8bdb4d073dc7cb2b5a5f43e4c0206c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f460573a957a1eb7b3e4c55a8f1712c2

SHA1
3ea720e06c09baaac26dcea8e1c68b3bbc37500d

SHA256
aaeaee5e766a31521853374e13d17b133ec659ffda7373791f8f861278416a4c

SHA512
183e76ed7fa614da039fee15fb6499a60aadb910d40d27ba3bea0b30c80426e03db25ecabf213d57d7144a4565b4c0b51af76bb1e6c0cb7e34ffeb91a82be6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6e4c68b1f5a5e4a2ee3231b1e5e421af

SHA1
cdca633fe4f54124cbaf6e10e8619c59d7a70569

SHA256
427f8ed70a1b118a444653e70be771cda79d57714d460a5129560b0a565f2ccc

SHA512
ca82c71df1fe038f23f59d29aa6254276111573d4062e22a11aa051b6d06188bdbf031a543fe2b7eb1026bdf264d37f71b6f61cf35c04f98ee4a92fd479eff48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ae9c9f0f10a488f1afcb1cc724348376

SHA1
eaa8c278cc602493edd11b6ee62c6243e22131ea

SHA256
a5d65660977238743d93eabdd39f16a87f02e27a2576151623d4aae33fb98a6b

SHA512
ec9d963004b42f0f79e2c4eed97b631fc7ef841b8b3f371f378c492e94575d2a37d26975e963c5bd60494120babecde3f843e9b988b67939a7e512403cf061f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e332d3d7354609590202144c98f04225

SHA1
58b144e41a4c7862f972be426e00d313082519bb

SHA256
a055eba489c99e019801f8955a28185a154a4a8f5b11e01759a80a02c208c4d4

SHA512
e0715900ab7e8fcd4987a8877c8baf26a8e92c3f2056ed69784b47071053c3824f15ff230394d09420c6391b0f5a28428e70bdb26def825992b8d563bf2050f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
72530b889f2c11673dd5f275974efe55

SHA1
522349b80b2ce1a386cf4e8d3e18021ad3937e9b

SHA256
dcb22156fd47c675316a703309e4e12a3498783c84d6d05a2c5cb6f491e0e7c3

SHA512
b2b95e444d3e4e634bb0c0f026ba700c769cd11519e6e1bd78a1b913fe344f2e1a3b7154784b8f406202135e8179a194e38165ce095d7519e9c642981ad60297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
876e962d2a8d98bd60e5663e087101b8

SHA1
4d482e2911554c97ad01a64481d2e32ba029d6ee

SHA256
a8c48b4a4c51ee3ce3a9b7a9f57ab99b1c2869335101898e558ea2ddd2a24f81

SHA512
c67fd4618b926a9f32a9e6c7d82407e4c34ef2d5bd4ba6a5664dc304f51018f42014817569fb168cd5159283aafec6e4b5e6bd6e769de7bac5a8cdde9698bd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ada49a58dcbc710acc7debc4ba1dbbc

SHA1
f97f0bdeb043917168f85c0a10e4d0f53c34b86d

SHA256
ba32253fc947e2704a43d8ac76e211fbe83280150ab236f0429cd61c1776fbe9

SHA512
580b36b8114999cabda8fd45b90fef65f9e67055daf5862aceb08f6c4ab5c6d6a606ceeb130f2b278e248fb58e4b01b1eaa7aeb42901396fac61e497f0ec39a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c623ba3045832dc6faa63f0f7e50641f

SHA1
e875de2a2a1392d7036ad70fc000770c2422cb78

SHA256
cc0230ec4c0ad35b6a9ff5bdbb516f65793f9d1bdd5b46c69386b68b281c97f2

SHA512
2675e95a35166147b6efc7d73d0fab346c3ab89f24fff450a9c2bae06d35c4f34076205c920443ce152b9171945b8490054eec487a0f4417a33037069b2ff3e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
320c6811cbf4394e2c09cc00fb4938f5

SHA1
d05381e338e887138b69fbbf8067cea7486df607

SHA256
50d1cb664e314d8301466af33f582eded8ce5571be4006c542c9558b31ca7d73

SHA512
01a3ab57061943d7e05ea40607988021e4c2fad9b52a1492800226b1211194d4828d4b1eb290fdc793f60dd2cf17b669579ecf3182867f61ed3649702efa384b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
c36aee7e21e525aad797560e402fb823

SHA1
d1b721f7301d80afe447cf8fa921d84d22dd4371

SHA256
610a625c349b1bcf39f262e3d5267ed7424527a5be155aab4253b3fac3de6ef6

SHA512
b7fa9ab5320d577bfbada1fe0df13833aacac0dee160407fe60e8076458ec82dc487f88968d603cafc8e5eac23f390ab2e1d43d84d5747dd2ba288ad7edd0a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a56d9ea93c46dd87894843504db221ce

SHA1
07e0977866aac2218a10c7eef8da5805f50bb242

SHA256
b868a2f0106dd2ab6131e15e01f9dff0e56b2491cc4dadc9f4b01c1df896919d

SHA512
7211a98b6f9e7e328a3507e4773959af66f2edf69186886792ffe9437e7d7f9278e904d9d40d01d0e7210ae6540db0f469f6ba3a1da23a0b8fc4a511c3255fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ca40d98803c17cb0925deb1be28914a

SHA1
82e901614fdc3fbce4de9de02dddfb70b867a661

SHA256
1ad9e429dcc12bedd6f9feff47528751dc9bfe2129ca2e53706a36b35e9363a5

SHA512
3ba26de61192e2709b535b350f8bb70298655681f0552dbbc4f419ef70674ccfbaafef158de138b1999caf52a8f3b0810df5eabe98417d8912df9790a1183aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b85c5694faf0f5b383743abff4280370

SHA1
9062cc1e8c70e00f6e269ebb162b79e9389062fd

SHA256
178dba412c49e0ae4cae7c8a7ad1b3a71a75a0546fe471d94c4017f6d602c230

SHA512
6bf4c94ddad47d69fcd453992059e5e654847fbb8662ab621e261bd57bf1427b80e4a1b10977765e13aba8325609c7948483feb4f9e9a846129af3308bf30575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd5104ced98fe403609a392a3722e37b

SHA1
7a44031211eba3aa3cd7c420454e35080b53a7cb

SHA256
fe35c35098d657935d5a789cb2e57b0a864055af97f2bcb39b1ee83e34194e93

SHA512
09f02e224233ac34bbfc61caaba08a8c35f06415b0eb82e4274d48f038e964b9d9305a19c4a0f750251b854cc7a122429f325243bd321e4065ee538d38714341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
959ca6def71df7ba481ef1761175cf68

SHA1
3418200d81c1da6443a26fad7425ccdfb2125cb7

SHA256
171746e603ef251cd2b6d187a5289745454d5a586556b3a73dcaf9354ba97b8d

SHA512
8b06738a4cc1b2cb41d22dcf51882600d4a13808e4f57bd1576ae8d3bade734e8e3342766c124a47dd013f03680975683b948a10710b8038a345c2b546a6801e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1239e8ac8fa383250505d819370577c9

SHA1
7a4b149874c43ff651008f06058185de93e38e98

SHA256
7c18563579ced30d2d9c67186e12346dd3f531ca8a9a8f60303c79b4563bd799

SHA512
6f2523152c4607a7333e82ea640cc72afdeecdbad583eb220051491d75f59e4502eda82967ba422d6439fa94d5665b7087f7bf61078e671b41126eb10ba020a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
898409cd3cc013fc53200a773f660611

SHA1
e7aa9c9a8f73da36bc4d97c51cfabd39e178b7a4

SHA256
f8173ed753c07cf17d81b276824a40819c4419ee27700152c279e75cfbd70cd0

SHA512
e19eee40e85470a0448c6037e99fb0cafef0840cd9629389c94e2de1d86e4f4bec35ba019a0a33b2a877b905984be1799f60ad118ef3e97afa28edcd757cef02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5fa8b727cc8839fab9a565f8abe71fed

SHA1
99154f4c3a69a0234e9bd03616b95ee3161098ca

SHA256
fdbb1a12a35885d6ebe0f621779a9dc84742fdb2582ddd2f0bf7f547725387e8

SHA512
a04ffba8c3ae46a267086f0cee1e0b205ac71af18294eb463863ec9580b59f79d72616acfb8867aac9ab6786ae7d2ba013cb601b3abc0d049c21f32cf5b1fdbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d15e5d95b8541443ef02384bc640563

SHA1
deabe49631a2766e14280f0c91c91982ef40f480

SHA256
ad30661453b1f77714dea4432c7bf6b12a312fa25851abd364be453499d1d4b8

SHA512
e200ae58396b0eb37607af629a8cc18b3b3fadde91be0b4d820d5ba06820d2caa92eeb2c7ee356605766e0807aea6720e99a620b59679391dfe6a7b4a44b70ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d4d8627d41bd5c4849846854f1e09a9c

SHA1
cf78d2e3b222e999b80cad315fff2b86fb5f9a8d

SHA256
1a1fb12566fd4382306bae379be4108bc9c17e2b4f97dc9acb8ba3d3128147d0

SHA512
cacaae2cf484f55774d1df78c6a91ccc84d42f79dae08f9b164a8c3b8dead82c83b24a7a934a17409f5d1df01900ea605996f067533919742b13ecff9da4f059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a61b7aad1852c5410b410cbf163a4b16

SHA1
9a28c1c94fd48fe0619f37ff62d2700e1274e9fb

SHA256
2e3d1ced65991f4e140f6730bb4323e629b244280d9c4d47b6920545bd1d955f

SHA512
e0e5636571d2f466c972b9e98f501093b6c1122820baa0ed7b13a2ee16330784cb21c3574a633bee5597bb8b93d50306eccbafdf1767784493a83ceb4d909067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b7e93.TMP

Filesize
48B

MD5
6ae45c62ec0134feefa8b0643bdaa61b

SHA1
18f003252090aa9b7cdf47a0d3322aba179a6179

SHA256
98d931de096bda4f7ddaef8246dd8009a8d11a2f79ace31496b4df523ae93734

SHA512
877bb0bde6c9bb45728307b2d44e44fd55661971d202a0378c4943aa618325ff731427798121fac2b4939bc5b6ad471a4513c5e9a0d997ba3e2a0c44068538e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
446a72d9d208bcbf03143656335f4867

SHA1
462c584891e730ad5797bb06fe3e5a05f872e2b8

SHA256
9296cf1a8a9ce59ecc74fbb02b710a37c4d21a3fd49cec28adf2aad18e130921

SHA512
3a23b271ee641d2b61d76ab5e7d70c8576a911dcb4df7403472c0d16fe62aa14e7c6cb0a4dc98cc2b15a3e4130b257158bad453afaabfb9763cf28c7d09d83a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
115aecf7f228c68d056e98404c543b33

SHA1
731144d034b7fe35d8ccc3b40bf6b7588d838f2b

SHA256
5a5d78fc3552e4235bf37bb4918892fa5aa11b97d1b416c4945c6f9bf86c6715

SHA512
5c11134356a8fc68a9be0d2d9921bbd9cfa7f31b9dfc5840f39d17d3303db4d2237d2504d9611f46c23d892d29f47beca92c890ed7d07580b1110e0210a39e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
6d225ac20ab4104513fe49f3fa3195b8

SHA1
54d7a2887eb8eec96a60ea985253fd0c19e13ff0

SHA256
87301ed23a2939544d494350c36c352006b59c8ad3273a958fb40b25be1d1a2c

SHA512
1b7b1e8145aa18073611f223d77e680555e3764d033e145383732e782ad673bcbabe290896bc88062cfc0aa15c79fd01bdcb45cd624c6f2cbcf753cd8df1da3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5f8193f7685cd72d49b5b99b7593a24c

SHA1
2be9298dee2ae15c41367cb9309507d78026ce65

SHA256
23b0a40bf45936621aadc08f2dcb1e4db06fa066e8fd8659cb5624aab5b8e19f

SHA512
0f4fb16514acfef5f1fc7aeb3339ffca1ed4b222ef2905f24cf7990d909d442cc83e76629e92a148c0f7295534805ba5cff9f3451fd221c03d2d82bd98869d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
131368ffb1b1ac9d1a7747d2331c107a

SHA1
1c5c3837c6b809a7ae7d922b321f34263bc3b4b0

SHA256
8a66138dc1837ed90fef18fd074305f4e5bcb73e6145a91b8a4a633719e237e1

SHA512
722fcb8313ac25e4c4241e1180b3ee1ff91ad97ed498bb2f00290e57ab6cd1f399a4529181c16cff800ac66402c9f56dad828e33538114405ca4908474d09f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b83b3.TMP

Filesize
101KB

MD5
9f3bedd7b085fafa89325892f3e79fc9

SHA1
827fa8271c6c4be372418c6bbc5c818c35786582

SHA256
c523f4199e17aeb9bcd237a6b75e93bb264355834c56596257a03fa691bcf079

SHA512
aacb82e59abc5827fff2a8eb366b725971d101356e9c096d16c5ae22c0144d1da47e8a1dda28704ab3fc2da7554704189d4403e467172b1b880cf41ec7f67fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit