hxxps://icecream-screen-recorder[.]en[.]uptodown[.]com/windows/download/4556496#

Analysis

max time kernel
742s
max time network
741s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
06/01/2024, 04:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://icecream-screen-recorder.en.uptodown.com/windows/download/4556496#

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489880948262473"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 760	4596	chrome.exe	14
PID 4596 wrote to memory of 760	4596	chrome.exe	14
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 4108	4596	chrome.exe	22
PID 4596 wrote to memory of 2332	4596	chrome.exe	21
PID 4596 wrote to memory of 2332	4596	chrome.exe	21
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17
PID 4596 wrote to memory of 3488	4596	chrome.exe	17

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdcc799758,0x7ffdcc799768,0x7ffdcc799778
1⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://icecream-screen-recorder.en.uptodown.com/windows/download/4556496#
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4524 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4688 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5344 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5576 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4812 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5460 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6184 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4456 --field-trial-handle=1768,i,10466464171238163322,18135931037522120631,131072 /prefetch:1
  2⤵
  PID:4380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
33KB

MD5
114a6c6efaded6183976177a6c4182bf

SHA1
84081b6050a4502c1357215b8cb90195442cba01

SHA256
cebd781119174f3daae4fb13e4eae3d29494075951d099c5d087476318002dd0

SHA512
ce8a3d7f35c8c8c224eef4644d1644b71fa702aa6c28a45aae5b24f30b215fafbfea79c2e823032566c4a232c02782127e7bd2f7aeb6e0e3e84e5f502045ddc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
89KB

MD5
746d07e5b8adf222b67165e170295a35

SHA1
e8da86d3082bebddc88c7b6eec12f8dcc675cf83

SHA256
7079ebf95fec2e2b9b534b98af895c2b638a7225cb8e80735284c7c8b44a3eda

SHA512
141a72a9d25debfa62a06c018cb73e4fef0a8563a4de3c49a11230599093a61238390afb9256652968ab4529655fb1409994d80b0d308fb132f98592c661c2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
28KB

MD5
28a534ba01669803bdd0a3021f324cbc

SHA1
b1781a61e89b2b578e1aa02be87c3a9e15e774e4

SHA256
5eb83e103c809853bba044e9dd0804d49f366aa0113c1c4a7f7071b0e21f0a80

SHA512
4be1887be4eeb5da83b5d97a29181b5a4f211ce96efdd2f6ec92a0cac8531dc26d7b806e2abbe32e7f16763533308d439e98f2e4bcc43e90c1e9c8272e51a7bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
92KB

MD5
3c5b617670b9b1d9813ac1d918d1b232

SHA1
a4cc56c7d9090c8c553d58707ceb37755130cbc9

SHA256
1bf82a8d1c2bbb4b0777a46cbf07beb4a70654124235c8a7543ce41c1c90833a

SHA512
10f07573e7590d24df47d205ca6ef7e0d4a87e30e0f9e8d29f165726d1454313de5669da6e0ceffc048c74da365e92a822d27c9d61b46c479985ad243c4bc487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
16KB

MD5
e028fbf7a41ab6f352da44204369df33

SHA1
6a735b90ba11aea8e6178ffd48b2751cc26accb1

SHA256
159567599b2d20ad1b6dcc933e40e3d5b1db8e744455a0f757d9bdb048b3f6a7

SHA512
99eae00b162a98de6e590a47e1b9b840d1eeaf78770cd70960ce3a8a89668b446d7aae62aa646931e18dbaae892b3fc7de5999fac7f4a8272c9c6fc5b976fdea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
69KB

MD5
46c1fc2ba53908a70801ab7181da712f

SHA1
8b82678131da76e608f4e9f3ec1f003a7d85c785

SHA256
06e4d30a53f70b0c74f194128da16e2bf78fbb5ed64e70ef3302fb901393f49f

SHA512
2e15c66d68c6b4eedf318a2262a544586e8c0da49f843a8a2b24de65970027a7cc9c6a42d2b09cbd618ba406730cbeadd9c45f21f2ee11a12cd4bc786b081a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
64KB

MD5
637beb2095ca1f0b89169bbafebe3ac5

SHA1
6f34a75130f5eeeaef3999032e0b9e23eedc2a9b

SHA256
b92749f59bdb5f76e06d0d6d338262fc18cb3997f81ab9dfecea576846073431

SHA512
3a0d2b9376478b583c07934d9cff0b413d231a50e9d8e7f8780a28c32a15e159688108100ebecac8e2a196f2867ae220c8956843d2826c3f3ecc3804cb4afefd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\185299e0f19203a1_0

Filesize
40KB

MD5
6631fc238f71905fbed10faf793c3ee6

SHA1
bc173780f783365a173cb8050185c97d903bbe83

SHA256
4e8c71eaa8b5991b28585552985623ef6bd03793c20ee3b08f9a7c88a036cc49

SHA512
0f3ecc497b9c98bcfd1cfb81f2374a1f28dcb1d0d0c6eb2df09bd8c8d3218afe11570ca8f91aeba535ef10fffdcf3cb3cb9f1da611a954bd2c76d2bfe3aad9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cfb929899b7c2da4_0

Filesize
303B

MD5
a01ac30ed3522c973b41adc2b9a4e76c

SHA1
6c24201c25db24f67f78f9e1cfa380084378465a

SHA256
67b29cde25c50a3e0ef6b23b01ee165bf378cf91a04d9b8baba7426e610785b4

SHA512
c3d7eaeccb5d1aa071c1e17e302bc6d19df89f7765f60242a0d4f89c681d7ef005831d69063eb5ee65e8a8f7a074ecf09df1371392feb38516b6a46a348e70f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
979273ee25e3396f50a3f2d03b1418e0

SHA1
19c3ba636d7ad3d6e1c6ee7fe05246ffabb902d8

SHA256
efcb1f7d6422e3e02018e65c341ac190f1f60c43bc25bcfb95bcc9fd94ef74a3

SHA512
8d2e6812e18de13f74db1158f57cff1dab57082eec01b4710d02f7174c2a61096c155be4e329bc0b9cbabdca31622572637103bed5c2eeca61228d261060fddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
46d53643789a1f2194f8146457bbc4e7

SHA1
1c0e08e3ad1b560cf19ab24578f6ab3ef4b135c8

SHA256
c454c0c2e114c45b8b160f66b623f7a8fb72f13a9ed3b620e5a0944be1be2bff

SHA512
7aa240b5fcb606ee3faf1664cb6891672a421c3df685e821d67287dd0e147ec6ec01aa8f563ee7a7cf4700eb0085b5c537a0d387646365ca59fdef64a266d281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\41e0b897-71e3-4170-94ff-c75133b4d1f1.tmp

Filesize
3KB

MD5
ed3c85d37978a2f59d23a7a03b97d3ae

SHA1
e2b55e190f50eb6fef4d30864fc491f7737fe06d

SHA256
a57c3d89cd3178ef6f474c7f828cc54a1323e1a856cc680a26a14ddf49bf8b41

SHA512
490ba484248c597b8ad91e77569b5621316f1712ac35ba5d301bae2b55232e3f44bec293040b2eb06712a7174d3415f236c604092f519e1b44ba31fbeeff7fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
dccfbfdf524e79d676e338732ea371ab

SHA1
0c15d3ab03976a14c5e0b606eda9010d2b0fe3f1

SHA256
7de1a6ec601ebd786c387eb2bd1bfd5c2527d7e596b267c705c46e062bcf48a8

SHA512
9378299ad90cc3963037f6a181c9f5c12109b72a21087a742e0c0666f2cde7bb797af801a258518caae1499d1cc8dd943f132b9e0ddb23fe54029eb860185b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
452ce7b4392f0edd7221f71392ae64fa

SHA1
a56bf580ad21c3e19db8908a89ae2b74f39cc789

SHA256
cc3b4c706b43f01929f36be763821cc977450497055ff8aeccc544bebb84921e

SHA512
35b4fa635a33297eb61890b18fe3acecfec59d6181b8aa4719f031dd7c0afbc94b42f8adc2344f96d9ff8bb7267b2ca0ab5c455d4b3ff87037fa6051dbc3d595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18f0c2c18b700d01e930e965a01b607e

SHA1
a42e3ac8653edaa7a548c7ccb89135e244d9caf9

SHA256
d9e40688e8ed01480c9cd7f90809e7092e34075caeb65bd97c1ffa97f72acae6

SHA512
cdaba0c83a43f3f09e6bb421022f3af84780bceff6050934ceb39ba4647fa2a9a06f4f78610a63d43b3f28e74681ee1472e1cebd8ef66bb94dafc52a4f31b6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
65ed5f4eed3f3df2478168eb3c2efd6c

SHA1
4f6af336867fcd7e5fb5b40eecd0fa0e3cb7960b

SHA256
81260b4c117416131df20e108ba3bc25bd62c1b5c13e207ab5b30802f5a98a64

SHA512
3afc89a92a85331ea831e0779c4ce89cc8b5a53543699dc27c0cc8c7516e90eed0d86bab6b4dad1a7a47ad2b39963f4ad6fdd8c143213ede86bb64bdeef4698d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
18d2b581877f8e57178cbe5bb1427dd9

SHA1
dc8121c064c8d4cfffd1fcbc48504ed7107c7ae8

SHA256
494870131679d15f95d68076f2a56c968fe444634c0fe3e139564240a648447b

SHA512
110201d208cf5839a9140997753d7f18ebe84ce00f71c81e774082cb39e2e7eb5f77886ee302c488aa04349446827c0d29b6507a9f66a2edbd5391bb1112b067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
909741879fa1879635cda07d54fcb41f

SHA1
a50e1a691d78e9ec258a64531cd896f3f5935bfb

SHA256
0f7f452f9bf0a95e28c53bf9f9d2aa346dc93b869d78e58ee0588997f928e9e6

SHA512
19cb1ae5edef9fe5654f1fc94939cff79da0b9d1e2ab4ab7e53bfceb03f710dd9e0c3461829555edcc1400933d2d618d08b67178fb1688d54cff90090fdf9fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b2b4dd3335026ef0c8750304f655da60

SHA1
fe075a6440193b589a8425d9368a7768d50027a0

SHA256
97e9b5bc74a33225e1325edc52d10676a98aa81976f4cb70cacb8fb54c2a6a2e

SHA512
69d427f2b1805f05898a66e845c42a11e9f113f408e5d4dbee646b51b5d843c7f4f241fa82ef15b6ec763d45b09e90247b31465b083338fd9fc8845e12304b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f214314678db1195e7b87dfa03130add

SHA1
fee994a84555ea9fe5a69e5c50d93089f16a648b

SHA256
cee5332d8ae4f227d278d450428b615c55dfb6d60e5664bcb82c83d1585c106f

SHA512
8e6b5c4f8563561d0d9a1b9a616702808691f2f7f18beddcbf1d4eb45f8ec5739097587bb03abec1b0e33c3aa1395dba49ce88c7a6ec4f77f471b2ed4d6bd530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
49cf2729d2d24e56cc94f54601d1fbbb

SHA1
d20fa140ff89156d282a5d7086480db32de09a14

SHA256
6f77a36a9842f6571be945a07b7beaaa8c637f6da9141ef31bdd074269dd877b

SHA512
ded9af85df58df1e06c499e68c20f6b3e2600bb44fad4c4056b68c0338386a66ad87bdd55688b9f0be80b693781fbe628d7837d242469b20e2067ecbfa077293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
42b2d15388c552d6120549e306d9a77e

SHA1
9e811dc98d42f52d06593b4198b17dcb0c83d9d9

SHA256
35a58068934ca8ff29d7412e7021400323c883378300cd04b3c56b8db243028e

SHA512
b7e4b8e007eb205459a7d381d25ce8d33663e274ecea498125348954b83fd3e1fc6a08bcb7e148c415a7441da95ed7eb7a979f59d2fbcd1b2aad7d7821a9b97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
542b4b31e22195aeb31a0e9037fc0728

SHA1
4cd30a3c0fb668ce06ab24b345f3af571add476f

SHA256
0cd4e04270ce1c390cbe3a95842356e45266098643e0957745641bb282d869ec

SHA512
93769b8a8a400241d2907c043bb04bd179e935cbbfc3ee5b4765da896edb26399566bc05b7b5d8e815985bc385cc57b633da5a10c0f2d8a07c07f7c695573a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
68feba805978bf42c2dcdfb5f94ffc03

SHA1
d45548b499b9864901bad957e1c56d39278f9a51

SHA256
7a9f1b61abfe102754380cb07e860ca882adc52a56cd60f8ca555194190641c8

SHA512
f1b6539b71d6f2459315513ae1390065063c12af82eb0f643a4d8a70ef5b3f546e7302bc76615f69ea4b381ea0679c037cda833ba94d0e7efe81f6893218025a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cfce.TMP

Filesize
98KB

MD5
35fcc82fb762511f0a42f8a5041de173

SHA1
09211ffa8e425fafa966078d5a82aceb97e66d6f

SHA256
595568f2a08670c2d7452cc73f739e42ed73b957355d2fc086435767fe44c4f5

SHA512
682a2c31475ad3dc9c6a82f5fe82bdfa8a303079cf3c3f7b8e92fe06657effb96b320788f80ca86875508e071cd59481cb93eab043091d6fbaf419f6c427858d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit