hxxp://fortniTe

Analysis

max time kernel
454s
max time network
438s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fortniTe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133447168520305627"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3811856890-180006922-3689258494-1000\{2803C74A-97EB-4AF8-A07E-B8D74BA06443}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
5528	chrome.exe
5528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 1644	3348	chrome.exe	87
PID 3348 wrote to memory of 1644	3348	chrome.exe	87
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 3092	3348	chrome.exe	89
PID 3348 wrote to memory of 2296	3348	chrome.exe	90
PID 3348 wrote to memory of 2296	3348	chrome.exe	90
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91
PID 3348 wrote to memory of 4868	3348	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://fortniTe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6fe09758,0x7ffb6fe09768,0x7ffb6fe09778
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4736 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4988 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3248 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5248 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4836 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5308 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4580 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=872 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5928 --field-trial-handle=1756,i,12888386364009656086,15454737239156179296,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x118 0x4f8
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
b24cb085b42d0199ce224a1f07f3f11c

SHA1
afbc21ab18dc9449dbca0bf6503d61caa190b858

SHA256
82360e786b926d4d216b467f924e1f29b1e681b1d01169629d4b3fd3f7ab16c5

SHA512
b46a263d0235fd68bcdf075d46d44ef3f90fa2c34854dfe3c913727797a57f32a20eb0fedc9f4d958a2404c572ec565c574d2c436a31d60840d6a89b26dd64e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
dfc0ff515c3855a97545484744ba7eb0

SHA1
d31b8a9d9496f7c9a3d710189cf4bc69d77e859a

SHA256
d205c73ce21a371bf909ddee767e708dc6d11308a728f0af9a818540ad751000

SHA512
2083d44faa9852d0e34295ce2476b280bf427e2c22702652c021871e630ecd550da48ce5b2f0f286c7002659681438be0ac7250a7129fbd60105fc44caed0109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0d9e20c5bd970e0467d050383996f58c

SHA1
219f6791e99ba947001126af864464ffa8d45cfc

SHA256
19fd387d999f4951e52dadbeb757daba39d999e611bae01da8f31908f6c34e86

SHA512
4e71b67a7ad8e5624f3274b0209ca6dcb6407729b6d8e1daed6317ffde28c4c478666d218fa801ecd3685eb97f5c5ce82f7d5a29dccae01ac9461abc2fb33619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bdef56b1c92f12377d312bdf9e94bfba

SHA1
bf8d9e0990c4133d7a615d1b409365bc03ae2ca2

SHA256
799deeb259cdfbf5693b46c71aea54dde25e0d2e7739449e705a4ad1ba5c0105

SHA512
0a35c66466710dd1399e8efb28960752310d1e29b5c72b67c60e3544651a34fd3b7ab9de14fc8ff255318d0e5ab227e19e03de1be59e661b0a06c71ce50779fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
00874629c731f7ae5acb3e43469677f6

SHA1
c9785eaf7e000356578dd79dba5f30614c25a7ba

SHA256
40cfd728d2ecbcfafc4dedb43a02fc1a81e9b1093824438187a1020b436f5457

SHA512
03e5e6456d8ab6fce99b1d5105cf72b96b26aee26d7576dfe9b9d5bc98efe88bbf038adda38f1109dade342c83b7d47581b32d5ec888e3b0732a4eb363d2aa03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c2d7ca97883e934e0d1921c99a28bc84

SHA1
0c2a4f05d725721a7c4a1cc51f8b3e1f2cc78b1e

SHA256
57beb5546f678d02fbf586a4d8e2b1ac74e75819740f23f23e80f52073695fa8

SHA512
1ad83c16115f5aa32a90c8760add731bb5285cc5805ae32054d50eee13cfd7c9a2663d49ac51b3e1dedf4e4bcf3ee792c9588d67c0cd58ddabda28d9479774c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
fba1ba355268bb01b49a6db0045ebd9c

SHA1
d1ccf878d4633bac0a398a7e6517182e3eee3f1d

SHA256
5bf5d3eb9e36a3aa46f44eed3233dd45e44a483f03ec5f18411b7a3bb456ce03

SHA512
691d5bfbb03fd522bd9417ef51fe808743c660577dfdb7173480eb2da7c7f67e370f833b656b836e58e0a8e06835ade2fb8097904edf5b42d244bd4c0e91aaa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a041d53b4bcfa44403b23b1874691534

SHA1
b049636b7cf7dded53f126b7d751707445d8dd7f

SHA256
1d1d54a4d63de2e7db578124c27320b854bb8ab76247f54eafdee41242ec3a03

SHA512
84137d9af54e9b6cfad7dadba3544a3c7e90df7f23ba139406c6c4ea94280bdb03eda6ec47df83dc4c2b467800a01a1f8d28f1b0fe2caefa746488bc5ff6b1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e84e184d8a79b73a73422aef50418478

SHA1
6a6f47ccf9f675e0b6b9a8894deae50aba07c119

SHA256
d24c4e0accea2af3cd7a567d9f489f0cb32325c4551f11b710c253542de332f9

SHA512
984f0841e1de76f68d74a95fe49491200267387dc33b1b243d522a4034dd41befa980eac936a5ef502de5e9bb1a3905047f7183d690baa797ef0a184a6a5dec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
fdcf6cb91725999f3815f19420af1390

SHA1
42161cce5b1ef698b722314177acbaeafcb7ddbd

SHA256
8497f6a98fbea8d02ae18e8be6e698d6b9626150824cc091d0f23bf9547a77fb

SHA512
4587a8b3d86d4e7172a1528c80c73baecf27dfd8790bf2a10505533716ebc4da465f11177226c3dc9473c59623fa48fc0c7d030f98544232c11f363c7e9b13a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
afed203e4b5d734ae263318959f25a95

SHA1
4df1d947ff22272558f0c45d4aada93d7bea09ca

SHA256
db2b435a2c37276dcab6ec616207400b3a8ec9f4b9361a7a5db78e80f1889bc5

SHA512
bc0c46ba59013bfff35e4691db7544a0b39ececf24e681a2134806cef99f697bf73be8adc00645161fe79603a8fa08e06dcf3198e5004ffe6da2f7dfcbea31b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
8cc8b71776b3aa78f10f825cbb5bb263

SHA1
7fe10045b446b141c44f150de6c98933a43c3c06

SHA256
dd0ef70941ed1d42fa8b733790254c7af037f1b82af498160a76562f52ef3202

SHA512
2b469cf9aeda456981421d5cd1daa102bf8d899893b4e22fc682271a787d24a00e3d47111484872638ee77b09853c15c3bb90806f28042ea11d9e698261f2d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f416b820a7a8f5ab113d28576c3556d4

SHA1
513109eee6b356ba4407e0d986d8773cb0905428

SHA256
ef0cac2fe9678dd2a3936ecda31bf30337f2696c7540de10db6d83828e354160

SHA512
1e039e8b5830a1b127655cc6f246efc96aeab5eacf2c834f8a2eb501b85661682c2e25d9fb17139006ae5ed840b3b162e68bd858e578c4720d12ad31aee7c0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bcd0f27ec4d58cf82e507ef02c5120ef

SHA1
097ba46f024328a286b504239e34db74eafb72b2

SHA256
14d8dcb27ec23a2b7614f400bc31c588eb1f5cedada52f275b10b8185510bee1

SHA512
78576b4ea78b60e5b3868f22cc0f90304eb47f4aabc7199b2f29bc7e3a07956dc931ce893158f9bdebebebbf25b1ee1478d3434ab4fa83412db19f0cb9ded048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e68f85d926a8d4a7d13478e648d75068

SHA1
fd11240c4bef5ea201f7c10f6f586d001e9d4767

SHA256
fe3bea170661326b90e0c13bca714c686c5d5db3de8894255d716a0b30934172

SHA512
dca24cdf7fd3d0b0b4d63b170288c2816fb7451032b9c9496c04839fd7dc9763fb2e78b3282dda2d1789a75fc0f87a1ab6af2813e6475a4231c39057115c75cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5b1458ac0f3d591bc9053c4ffd9b210c

SHA1
d80ac82a1e51ccc73004bc09bec336fa03d97786

SHA256
bb4e803ed9c1e360e653e48f2ef28641d594e005aa253f33555099bd0ba75bce

SHA512
f33bfab58603900303f31125a3f0d97991e8dd8811298063e731177726212e481c49e3f8ac783164ca9e407214d703dfd40e7b2d7328bc8c7005de6e4acbcc90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a65931f377bf42e6f063069638b2d29e

SHA1
546e6b0c1cb721a0f43d1b6c93315cb438812230

SHA256
9a8bde8f2a3b133e54cfc6f6d1f177b823c0768071b11acc4554ece2b21128bc

SHA512
b3ed573a4a33f67477e17f35ea5d0ac634337dc48afd3136f8ee6e9c2a077acdd2a9f8fb306516d89a8531e21ef4711f1562c3749a75fa72da28a737c5bf3db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ca285d06f0cd64ebfdf132c5dbcbedec

SHA1
516a27d16ed945cde22fdadaff630b20f8946a95

SHA256
0a1aca586529e224d78c0ef2684b75b58471a4ec50b0c8c53dccbf01e3183a53

SHA512
76589640e6e811ff46e72a1082941171c10ebf50bd2fe71b86d6279b5f387a86f6c2b97fc4f7ef9b93bedb2ca8a333f1d4dc7c26d875a3a2b583eee0983d9f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c01a1e234814f1ad629fcf88e0da36f1

SHA1
508035f18e28070a3052478402844f4a1e79a0cb

SHA256
9fa1400cdbc2e3efc9b3680b4705c52a7ad9b321baa715c039799537b7d682cf

SHA512
9a0d4429c3d5beea678639dd3a6851672c6a7b2c8a6c10470dcf9c441b9aeb597f8b8b95cbfb591fe9040ee5d9829f4d718bb839cca8363f3f7257f03ea099fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\22f41da3-967f-4b4e-8cb9-ca1065acf806\index-dir\the-real-index

Filesize
624B

MD5
83ec4b9be9d23b89c672c165b1942a3d

SHA1
2796227fdf1e38c13beeeafcef39ed2869dc70ce

SHA256
ab7260fad382b513a7307c61f56dccd72e2f1dcbb81f856dbebe5c902c18cabe

SHA512
8d8b77d494fe3e581e47b04dcf419d79c89af61c50d5821c55fa07beb820c011136d111377ab6631e9cf01457c849a8aa5f072b87083c4e3e9ddc8be9e32bb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\22f41da3-967f-4b4e-8cb9-ca1065acf806\index-dir\the-real-index~RFe59938c.TMP

Filesize
48B

MD5
0589feaf40d56d69e255ee1f0e808999

SHA1
aae50add86325221cf9543797929138721ffb04e

SHA256
8564544b5f363cc318f36557125a03ecf91df78928fcfc75707224099750d51c

SHA512
53cd97d0c4ed5033569ac2b9c4fb90787cce262925b754a8a92cd46aed47e8a4632bccaea9b770349c6ef8556dd3b721e8d08684bec5cf4a35cc70f34f488f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ead08fe5-2bc0-4678-9b88-823ef93bacc3\index-dir\the-real-index

Filesize
2KB

MD5
3fd5be8e4cb586fcae7d3fc191d94b89

SHA1
2df89e7d009b6231c695b2569bb31b83333fbdf9

SHA256
0d643fadd2c7c597eecb1b19d5604916d072a4de10f20012a13c7fc27b14684a

SHA512
1e61afb1e93e094164d55adbe660c402dd643786551adbde99a2cceab7a4f205983f16438ad1b6a70bb6d9aa06d74a8427aca314c638e5f4a3e14e5a5c92f169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ead08fe5-2bc0-4678-9b88-823ef93bacc3\index-dir\the-real-index~RFe59a399.TMP

Filesize
48B

MD5
3124dc89fefe11d68f2a12d616e1a261

SHA1
de89e3f874d273d4f7c1c3cb36dacb37833c8b5a

SHA256
54bffff7da04fc585b5609e0a2e93e37ff1a2352aacc4e2a03b274a424d4d704

SHA512
2f5a99697a9d6f2cb952115f275e4c2efd75fcc17d4de2cbc5481758600d5d9c8465abd0d5756a347719b6cdadc916d152595ac19307907c00c2e09740bec7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
71d9f9e9f9ecc65dc5833d34f5154794

SHA1
6569bf0b9028450466e782b6beb6e9239f2b2c1f

SHA256
1b6186e88d8a0304fd0592a8ecd1e49b77109b2c3114ab20b8adf7690b301e58

SHA512
f51c1726c62021fef61ac61dc1bbf878aa37cf41b229ee149acc2cf436aa701d58d9ff69b4d411d5d553bc8281debfe40fc748e8a75a6e01307c3c92d4eb716c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
5f26e3d3ca77d464ebf37bf29589687e

SHA1
ba6ebde5236315c8dc128fed75caad904f1b4fbb

SHA256
69b798fc160c93a7abcc33cdb4bfce1c625deb6a39db71d7551857b1571f7f1c

SHA512
8b3a10d6136d21437e9f7ee8d78c21e7e7fc4e0295c1fa3292137dd057087722317ecad6fbf5fbdce57baf33db79f80cf412e9680cbb31cb9617e0f20be70ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
fbac55988a87e7a2b0c2f8343973f01d

SHA1
f5ac138ab3f66a1c46f3da850c35e0460c2256b4

SHA256
7490b85a789631df792e14db1e3feef39cc7b984114f41a72a4bcac1ecec303d

SHA512
01de0f0af56135cb21843bbbbfba5972d2f6d8b150b266158a66f1dd63273a17e35ee4c8c323c5bcaaa00a1d14147550a34d19136beef40e824ffe7b39b74613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
6e4ab87f4bff76f50650a752505d495a

SHA1
17b821ab72c278a97c78375137ab4d003eb4a99c

SHA256
ee6b247c8194e232279f32e0ec110d1aa14aaa7f279dd8c6b2423d895ea9ac6b

SHA512
bb74c43579c4c70535de820c92137ba18f699c080d9def36b9805af31cfc02a05589603b164d99003c60f8fb09ceae99d98481d81ec92a87ec199ecc6a165212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
282431ae1fdd453d9108fa91060e8b12

SHA1
56ee38199398586fc4ae54238306331059134647

SHA256
3d301ca46349f0c8d75aba2edeecc8af344246d69c86e0c0ac6012158dd8e6b4

SHA512
daac406387a48c7dd17e7479d4fc980344ca7f4ba4755b0ebe952e0f4abb7764caccc50195771556be0474e97ca9f76b379a2f7f8f1e65adc2e90c33d4d8638a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5895b3.TMP

Filesize
119B

MD5
67a2fc0e3be32b6995998616abc61763

SHA1
9083d3c282786da4543790f1fd40b40e639babf8

SHA256
5020dbcc2b5cc58b96d1bbcb310afc37a782580efbbce95de40a56619270f75f

SHA512
477c372065543f334fb1cc549557cc9a80bbdcd0b4b7b9c0dd828a1272e83d4d46145099850db3d4b57f652cea819be2e1527f36a3911d988c0864e4bc7e9fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6231860d5d9d872c1b339420edcbd283

SHA1
37a57fe20e10253057be12a84d93e3179e036a00

SHA256
8b2d7dfa78384eb48c0ba101792dbebd4e6357f0216ac7e2ff7af7d216b9a728

SHA512
e9f0858a06d2f76de534a48d2fb146821562239407b40bca2c4b3a619096dfe7a7d4e2069245d9174da545b81626cc57bbe91fb166afa7f308d2ffd4a9d6af85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f8a3.TMP

Filesize
72B

MD5
4a79035bc2a75d7c5ae7ad546896f3ab

SHA1
aaccf0c60070a032d46d14f4424a84cb6bacb3d4

SHA256
41c4a71c8a18015b58e94bb54a66d44872d0ce50fe767e3af4069b70041a4024

SHA512
f5dcca05d56dc9c6831f0c2d404cce37e5ea93bc70cddf41f3abf01505444180babf99e828cf9668109c9131824cfa09b2a58d1982efa60c5bfd7b9abe607358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
d0dfdc03fc202536e0e0b5c0ad928e0e

SHA1
0ec1b8167696baf8035aee0d64394d582315905b

SHA256
abaea24d54d26f9a084aaaec5df0e9b062b13ccd17e8a307ef3dbb87e3a39ecb

SHA512
ceee7a6a1f0448a45d8f879130baeb72860ef8e844f27f228a3548a95c86c1051cf7d79f033b220359b76997f1ff4fa739705d8725a56432ab2c76770222cde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
1a71e88de926de6cd9dec002b08dc5f2

SHA1
f1447fe3fdd7f66d79891c9352f7201b06000b89

SHA256
e07d109387c3393436ab7111f0f4b5b7a790201a2a6cdc3a17c99f3a9975e1c8

SHA512
c5dc4504e6e8f000e30e380ee4fedfe436f832509e9f2ee63859a7bd53e051393e1e40c63c86b6f377ebb84b7d2a37fd28b3489cf0b2cee9ae3f4bfa242a7371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
09ec201ce57445decb1ef739de3e40dc

SHA1
f1feff6c4fcccaf28427b5ae493a2368d88cdca7

SHA256
812dcba456669ccdbb250c9926fbe3c294cb2050923ae14d8ab0d55a86570f89

SHA512
c8f0525b325e30a0ff0e53a2ff33ecdf1377763676c2128fc6090c57f7f2f8f560f53c986464bc0a0dadbe728c41ac03590ac6330aaa7db1dc79d451af9c2819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe596e21.TMP

Filesize
97KB

MD5
a831c222d60dbd58427095e9fbe680bb

SHA1
b63cd701d889c80b9d794ebdc15c42c1c5ce3821

SHA256
f69dac5f0f873ebecdfd567123e67d0f290e103d474ec10bc5748e85d7962f08

SHA512
29d5ea77571322bfdb54d884ab2329fb64b0e616242db2b5559eeb12dd676f49f1e1f32e9d7ded8fc94414b02a52b6846a2e4682e9fae0d30a7e6bbd28a6b909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit