hxxps://url7923[.]marsello[.]io/ls/click?upn=UahYuwpiLl09tDl18GM0oMZrpG62xURbnjLKBFF6eS00iaKpEMN6rxZC7uRA9DBK2xPR2G9P5QqvtJ2VAHDj2Q-3D-3DH1_J_Qng6PoYR30S3YpbpzFZ26F6vHax58XYJ6xH8lMS4F067EpNd4hIrEs3kW70f-2FR7dYYXjzVzgs11yBZi9100QRLt1kuD-2BBUcFf8LgzL4lUwQ8VPDH2SOUDOcZSjW3ztbZ-2FlwaHMffvNsxMjalLKspBHIQJKNv8qVUYaD99LCcdy7Q0W68ewfeUG35cP9ulFDBOi8m1115RRS1qbI2uinRoO6LPUAbmKj3kwQyRdxOXGu83e7kgojpqXf5CRLV4Nv-2FWEtSzLpAPTO4scaWInKi7GpHdlK-2Bfbo3uUYSc5w4FMJiRW0389ldUsX2TwjBcB0p

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url7923.marsello.io/ls/click?upn=UahYuwpiLl09tDl18GM0oMZrpG62xURbnjLKBFF6eS00iaKpEMN6rxZC7uRA9DBK2xPR2G9P5QqvtJ2VAHDj2Q-3D-3DH1_J_Qng6PoYR30S3YpbpzFZ26F6vHax58XYJ6xH8lMS4F067EpNd4hIrEs3kW70f-2FR7dYYXjzVzgs11yBZi9100QRLt1kuD-2BBUcFf8LgzL4lUwQ8VPDH2SOUDOcZSjW3ztbZ-2FlwaHMffvNsxMjalLKspBHIQJKNv8qVUYaD99LCcdy7Q0W68ewfeUG35cP9ulFDBOi8m1115RRS1qbI2uinRoO6LPUAbmKj3kwQyRdxOXGu83e7kgojpqXf5CRLV4Nv-2FWEtSzLpAPTO4scaWInKi7GpHdlK-2Bfbo3uUYSc5w4FMJiRW0389ldUsX2TwjBcB0p

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133488785234165542"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 2968	4852	chrome.exe	42
PID 4852 wrote to memory of 2968	4852	chrome.exe	42
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 2016	4852	chrome.exe	89
PID 4852 wrote to memory of 4992	4852	chrome.exe	90
PID 4852 wrote to memory of 4992	4852	chrome.exe	90
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91
PID 4852 wrote to memory of 3676	4852	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url7923.marsello.io/ls/click?upn=UahYuwpiLl09tDl18GM0oMZrpG62xURbnjLKBFF6eS00iaKpEMN6rxZC7uRA9DBK2xPR2G9P5QqvtJ2VAHDj2Q-3D-3DH1_J_Qng6PoYR30S3YpbpzFZ26F6vHax58XYJ6xH8lMS4F067EpNd4hIrEs3kW70f-2FR7dYYXjzVzgs11yBZi9100QRLt1kuD-2BBUcFf8LgzL4lUwQ8VPDH2SOUDOcZSjW3ztbZ-2FlwaHMffvNsxMjalLKspBHIQJKNv8qVUYaD99LCcdy7Q0W68ewfeUG35cP9ulFDBOi8m1115RRS1qbI2uinRoO6LPUAbmKj3kwQyRdxOXGu83e7kgojpqXf5CRLV4Nv-2FWEtSzLpAPTO4scaWInKi7GpHdlK-2Bfbo3uUYSc5w4FMJiRW0389ldUsX2TwjBcB0p
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb91f9758,0x7ffdb91f9768,0x7ffdb91f9778
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5280 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5384 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5480 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5228 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4248 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 --field-trial-handle=1900,i,8957695596839409984,7762114022841015240,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e365050c376178fe5328d62471b7c1fc

SHA1
799c4273ab895eee437c033b17b6499a1993fe5d

SHA256
7493f13c77b1b67af5599fdd725e506a60e47724ab4cecf17355a8ccf87ca491

SHA512
d63b6bf4361c5b55086ecee2140dd281f15e93ad28cfd241a227c10b3c2c367b7eff4f76f1b968482fa0c3ba2be23ede1fd448a1d157c64f3a4d7e04bb3aa39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
17650cf391a0476cc2cda11cd81f0758

SHA1
4fa001197cabc35a450d8c11da60cc5a8d910184

SHA256
8a92777e6e42ee4a31c41ff8f10edbc2e48930002aa59774b596ecda90095102

SHA512
6f59a571fb3956085b67c343a0504dc37df8d3fcdb61bfb3f13b620126a5df5c239b83682479f7ea73cf5a1e4ff349095381740ad9af7819a71b988b1da30d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
75590b34cb6506834502f25d58530cf4

SHA1
428248f772d72b5e80bc165d443fe0c53391afcf

SHA256
f4cca6e2793a738e74330c3076ad12f399663f892e681175a8543e60c81b81ec

SHA512
70598820c6e2c57e7ca041b6f47a23d63875abeb78abb1ae489880e29ae86ef36c34984c843c252b3d0d2d8fd3741095a6e472bd1cfff2d640d546d7ee819533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0508fd3fe74db0d11831f11929ea8770

SHA1
80c745dd903d2e46fcbd9e05e2bfa37ec35a458e

SHA256
ee2a5d1ca25f3ff2b7d48efb05ef2cef4adccba408d69b32a6ac130e8fa17321

SHA512
b177685499d22380699624427d27ef8536806560cc28f11080f69ad7a0aed740b7a0a747fa35bbdcc977d38d21630d9960b5ae3977ef7dc9856a7c1b71b12636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
937ed063063b074da45bfa919bc3ea2d

SHA1
d408635f82b4eaaa141a0eb952c94c680a40212a

SHA256
a0d273f4b55920489cf29bb107ff2d2932a34b7f31a28a700e728a0abd444887

SHA512
5e1d2f68d2c8b500c325719c64cf72ee05c9785d2351a310469c1be7d53cb20534c1bc5e735d622b33b63957f5b6ef97aa3dcaf3ce9ac7f491679e9cb70857bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
969fa49a86985c04d9b51c86a662cceb

SHA1
1aee4a6b4a48f6a3d5139546a90b9e2274bcbc11

SHA256
2ce7127b0c1ea9129fd89eadacc0edca7709550da68a7ac46f6ca86db65134c7

SHA512
786dd744db10e70de302eb8c5a165c2b5f012aac9e48e7fc21555051fbc325468cacea6f174602feb402518be3980d7ee2c29ea83739a1da97b9fb66091ac88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
e74dca6883ecca20b1c0a4b00e529484

SHA1
c6b6d632ed430f10fd73725c9257c1d0db5dd649

SHA256
b7de074967fc1632f70c7835986fc8ee1c035acaf3782747aa0f8cb7e50a9c87

SHA512
97cb773bede690dcdb357a7178160c2cd153171c741acf2afc86a5e3c405d9a9d81cb5de70f93052f08d923c0aff49fb342c6fc2c25065e7a980b45c2e5a5f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
a0b187195f9b0c8431cd945978fdc254

SHA1
7e07620b0f799ecf5450dfd8a6d246d60a1290ae

SHA256
2e2bb2f6c53861b93a3dca98a15423c78cd791a5d075f30862e4050a555a9b55

SHA512
27dda07920dbe22405c69a5552114900e68d39aa678298f154368e53c32670317e1e2860420bbad9c4f4c0d9ae3dd40fb7f032443aa0a6e3889044a5de4d1e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b83d4df34962ec4eb61e95189d028e0f

SHA1
3ef6421906c50ffa80bc532266aeb59d48df8ad4

SHA256
53e71f3fd5cf578847b77d1d0f9cf87fc35ff6734d0db780a432affa89e2d3bd

SHA512
dc3d25c63906ffe3dca1bf864ff6ffe8d9a429d9656b8397ec04a956f746c243a795185153bd226769bcecff50ef364fe6a501f5cf65d90463f8b4066e2cf164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
a6a13733d70686500b02d69e907a89f1

SHA1
bed3b0e5dd11c84f8f6421a41e2ccab0fd3c0e81

SHA256
3bec4423f46528ffb0ff161874a96161718143bccc783aec8cfc367a47b2df79

SHA512
6daba89b46184ffa180d5940e4908a28f7c234c5ea6f0ea37c774ea372f03dc552ff9ae9ec1a501c4b46c6fa59232bd0f053f25b974f8f6d933ad2d2fefd91ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit