dca95b2391650afa89f4f0d61dc0eda1b6a79e61c50e03b1a33cfab2a906fac9

Analysis

max time kernel
1137s
max time network
1569s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download (2).jpg
Size

10KB
MD5

1de85c118b1155f7f753c1f11143bce9
SHA1

624eaac16b6cb0ae7f235be9ca383a27ad64735d
SHA256

dca95b2391650afa89f4f0d61dc0eda1b6a79e61c50e03b1a33cfab2a906fac9
SHA512

30e1c7d3ed17343a61cd042fc8087e0d050561b08a3ccca342cb1a5b7f9bf46dce14ba880eae950d9298c06344604b680b3ea72cae77d3941e7e0f95924d4d7a
SSDEEP

192:qFK3/UJrGu7cIVfDQDe5vw4cxQBMT4+CO6q25h3ZZsFL3EpBgzj1f:KKPUFR8DedZqQyc+CRxIJeBc1f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2980	1748	chrome.exe	29
PID 1748 wrote to memory of 2980	1748	chrome.exe	29
PID 1748 wrote to memory of 2980	1748	chrome.exe	29
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 3012	1748	chrome.exe	31
PID 1748 wrote to memory of 2964	1748	chrome.exe	33
PID 1748 wrote to memory of 2964	1748	chrome.exe	33
PID 1748 wrote to memory of 2964	1748	chrome.exe	33
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32
PID 1748 wrote to memory of 3016	1748	chrome.exe	32

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\download (2).jpg"
1⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fb9758,0x7fef6fb9768,0x7fef6fb9778
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2356 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1328 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3048 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3652 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3832 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2500 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2344 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3648 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3764 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3856 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1136 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4124 --field-trial-handle=1396,i,12746999777546002676,7821726288621655967,131072 /prefetch:1
  2⤵
  PID:1380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
58KB

MD5
fd260693cc675c611743b0211a32cfda

SHA1
217a28596306e1738bc53fc2d49b1338e46fef64

SHA256
4d614d69036285da97a42eab9bf618774ffdda39338e10cec94fe6b3084171e1

SHA512
c6983ae9447c62719b7418ab6c38f1f00f4529d0ff044a07377dde752cc0058da05a1e6b571866ba477fb8aed670ccfc146d8507919a97067669c6279126955e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
192KB

MD5
5036f7c363373f5d9cc2b6519806feae

SHA1
3caf2148a2eb7c82f9aff0f3a2f4594ee70327bf

SHA256
715c5d3e3839c1b47c3008e8a89f929e60858ee379724a20775003c692e9fd6c

SHA512
4661cd6fb02dccc48a42fe127b1e88f7e794cd4eb1d8a5a8f5075f772dad63211efa349bab579c5bb81bfb2c4b1be201c6725a56f617f8913a2235e3565fe645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\738184b4bb16e32c_0

Filesize
2KB

MD5
ffa643544fe49154bab403a110478645

SHA1
5d9f158dde5c8c6c68bcc2372b39ec30223674f9

SHA256
91ad53196da86e3b34e3d9396c26ce7c36e02a1ed03d59d54a6a5e0d0d3b2f27

SHA512
35adaaf52efb9c00150d5a3afd6319415a90f22a351d2b78a7b1c00d0d880126c73cec2044f066de90b6c21248da16470c638cb0c939ebfd97ec45fc4a4c7396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c240b76738ff8130_0

Filesize
309KB

MD5
f2b4975922dec2760680d8bcf6be327c

SHA1
cdfbb48ae3a9dafde4eb26649bf7e5402c9b4aa2

SHA256
88162e7372e0ab81608812fc1d1153a5aeb567bc33a6aba6f6615d27fcb807ff

SHA512
fb162fc6939f13f3d65a40ad4d86d7091ed37ea5bbaba1c776fbdee802984dfb1d4009705358269b621d96fc71bf63126113e7bc821e744e5388fbda1023f470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4b4c72ae882bf3b_0

Filesize
289B

MD5
480f81f8bb50f12e54750c4841d4ac7c

SHA1
360787f6a8041e9258916410174a9ba36c7a0a42

SHA256
757fd2f47d88f8e6f132f0d4cee778956123c42ffbf0312b5e95847d8dc9d5ee

SHA512
8b437ae1dd5f0d118e4805b07cea92da7bc29a5314fa73bd038dcb341f5385e930e1a1b2d876aa0af4e083f20240825bd474054719ed168a3ee4ad5c3bbdb812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
640a2e668585f31489fa75f91525269e

SHA1
0bd7bed20f32a3074cacafcdcab1f56ab9b7e0fc

SHA256
874bc77d7d80a74cea1f0f4e4f2559ff5a67d294bd15b3c1183c6a2efa3e061c

SHA512
18c4a29adb5b5cd66e1e9a7490b24202e7dd1f40fc8e620466e4e97a0be0648bc206e0377f0729fbf07a704f6cb980e75c6f423b440d530afdada41ddff2394f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5165e85d028e0bf5a79210bb49f662d8

SHA1
21d00f94633ede0b2f9db8f8ff61eba14c1ecdd9

SHA256
819c054abd3c35bf6e14a32c93c73c048c8923eb0ba1e67382ca8efdf991cc7d

SHA512
1e319659ab0d5fb380c3bf690d9cebb901949cb3e8633f1a778910ffd5876eb7f7f6534fe28b33f86208f3a72900dd0575746f6ee67baf7921bc3e42fdf437f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
96b54dbd7586ea67cfa4b6e5c3d15593

SHA1
e9cce75fd32f1f64346a6a290309f13b6a459538

SHA256
ac23525a65f1e81143a80b5b1c1583687aea437d4ce0c020bc500c5303dca6f9

SHA512
294823aa8e3192d8b7b79715b40fbfbab84d9040a5c92edc63d5431c4c456dfff8c43418e63e079b1bbfef8f62e34045de5f77974578c2bbaa64a55031f6bb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
d866c499ec3c10f3649e2c7be3506447

SHA1
2511fd3f8caa23fc564870db6087d4cda7f7c482

SHA256
54f8687be44e3ae4ee53995a4b5c118f2bb348e444b229bcb0743a5c0b2474c3

SHA512
f22650919ba169c4c9805a2734b4556d1d41ffc0772dcc148b7ba3e5ee21381ba077fe9d042cde2f731c2216d0da2b6d9c9b6770df24b1fe6fa0fa5f5e9b85f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4e8f4450815284d1cabc8d9ffe9fc9b9

SHA1
9e5527f05e5031a1eb5cc7e813797e10f619eb05

SHA256
47994e27b5dba730cfa6f5a47015887351f6722516e15da74892ddadf55a706e

SHA512
c5be7a448f033b124dae2fb982a66b477f1e81ba169ace976ea5179632fd1809232dc8fa2dbaaf06c1723997e21c7cc601b6b31b8bbc7bf35e4b7bb2445dee77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
68bc0a438d86715ba2b1025835badc32

SHA1
4791ac40ad6319f165025eb03bec11e65212c155

SHA256
2e396219965c7a871abcb43ee73c69db7c3c6940595c4becbd4b4c55a86ec5b3

SHA512
9f582f94adee6873fb574927e7825cfb7b08d8821852f5ecf8ab5792d56a09b32c3bde05e2271f6f5561088cc063b06469f1297651dcb4e48dd1cec14328dc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c547adca4fe466a96cc10cf67c87da97

SHA1
dc2b786732b0284a7a3548d7e4b0d52d293f656c

SHA256
d58f8d47e62683c619850ba29b3c364a8c3dcbb848599d1b5eeffe318769ec97

SHA512
8219bd6b7102b034ee0dba9ff63d90b18c4f5cad9894ca8325d601c112303f5a46c4f850918ca15d1291a07aebdc01a0f76ea1451fcf042317f8b648fe797cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
eb9e17801feb3ab64f8dde1ece391728

SHA1
b61aaaac6dc8ddbcb9600ef628451c55101fe968

SHA256
506f824a297a8e2002f61fabe3e85c8ddcb62abba18731a202c785655e497dd6

SHA512
78b2eb8c3bd9450f18e834a3c35de21a94802a9f611be8098747976a6b4c21987e6474f979c980793a6f9dc503cd8564ef91ec212ae72651ccee5afc9ffb1a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
47d691138577c7d480f5849b934910e5

SHA1
2ca648d383725e3eface554687f0506d094a1a48

SHA256
6afbc511b3c21ae45f242413f3c522597414d50187c3c02fc7429353fb76cab9

SHA512
2d2ec10c9d15c66a6b02a3ace3f80a3476401425db264fcb6d9f1f02ca012647b63604b78f5465bb5d6294295720836f4e40b8cfa7eea6a801cec9959f9cebed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7063b81e75f1765e1fad19be26d12355

SHA1
e4846e6c95104b66d402e6890901202ac8075d67

SHA256
0def2d262a3d7d6d287445db1da5267e7162a45b8c7d0ffcb9ab59f8bf84288c

SHA512
951a91d9302ba607f10ea022c740cc02c1870474dee9fd7c371f4e9a24097e49c36ffa11800a5907ccbd6f6d6926daf6d72f73b27f94f34d7684574fe926619f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8140764991471174c047af5af49b1a03

SHA1
fc5d94065fb605a02328bf20fc846943cd6d6667

SHA256
19f041dd76989468131aebe3d15475c5b725cd1b9c646141a6a710b91fb1e5ef

SHA512
14c5341bf5505b44b92104a41c57e382dabf2265a235bb36a9aa4f72b9f43b74d965ef0247064a90a6c631e753d360af951b578f8d146d6f916c42a542ec024e

Download Submit