hxxps://storage[.]googleapis[.]com/bertacanada/tuperSDA1202[.]html

Analysis

max time kernel
161s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://storage.googleapis.com/bertacanada/tuperSDA1202.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522356025219396"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2920 chrome.exe
2920 chrome.exe
872 chrome.exe
872 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2920 wrote to memory of 1328	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1328	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3896	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4120	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4120	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4072	2920	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://storage.googleapis.com/bertacanada/tuperSDA1202.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d819758,0x7ff98d819768,0x7ff98d819778
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:8
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:2
2⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:8
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2780 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4540 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3132 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:8
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:8
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3908 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2508 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3688 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4680 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4716 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4808 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:8
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5320 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3272 --field-trial-handle=1824,i,6225990224682995885,6034351538500734463,131072 /prefetch:1
2⤵
PID:4216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
11966249526055fccfb85c5aec429a99

SHA1
69f250c979867bad8e59f24ef551cd2b3d51ee28

SHA256
c8f407385ae0ef859d5f3d510a7e36c4b378f9d8523a65f85998037f284ed80d

SHA512
b43d6f0fc48f9530dcf3a4ec50fe863569c8a77390082c47ff41c00df92463c50b1ebfd70d38d2d471daf6d6fc5dd462da8f36bf74520e789fecf1751578d3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2ba89015b0838aa0f5facf7aac46a047

SHA1
e9afe8af18358126bee0650764409c6511553342

SHA256
7879585eddf87614922282ed5b4bae3e0c2de8832c2310fb29dbb8c1805db29b

SHA512
29bc751c918365cd0d902c9662266a82f81c443b04b2e8a371b4285813088bbf5a790f2ccb62b33634bf0a14efe449d5fb63c89f77c870fc127f04c1e5f3b7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cf25d3810e63ec25667c24ff0e8bf12b

SHA1
49a44da389fb89cc5d6118d969b0d21996f92933

SHA256
a63d5e7c8f888e89def5109f6ea71fce9b53f87df85dffad93dd6c659f09a445

SHA512
ef4dd209d9e4afa040f5aea1c837590ba046a29fa0c744b40577a2782fb4240b6141c294152350c5abbf9b4712c865a56794cfe27eb55341fcd265f08d2c505c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c8ee1ebcc94bb9a96ece2567d8b41ea5

SHA1
36187f2c4d78bf9626121bf49f933e244ef8ed39

SHA256
393e796d2dcb6a8770f359b7510b4b37dde7dff96868b15615b6385bcef176de

SHA512
aff72bed74380383521a6f1a5f1a17578d9cef6938fccf786c2d115896a6e678eeaccc37c366a3f22643d715648666fcbb07b8459d0fd6820a787b60f766e660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
72b0e9e364c593ad584903a16023bbae

SHA1
312a991454aa192d0c238cd8d64815223dfea362

SHA256
43b16921f82e266b15a7760e7ee1c585dd3a3e9b132a31b078d59fc307dcea12

SHA512
17220399b90d27d5dd22c918de3f04f20137281eb7ecd1b411ab18040935d8eece3f1ca22818e1b255422903492119eda37701a6ca0c65a4c21654a215f304e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2d11aa92a831ad4d81354e5466df2019

SHA1
0f9ac6373164bfbd4e0d0d76763fd0c1cc589833

SHA256
1957806a0c994682a7aee24ac91dc77364ee16ebc3505791883d27d825043211

SHA512
f73ca4db5017515d6e8bca038147f3c7ec85080c8f11b8ef6f848a2a53fc0673e51c45fb45ba1f71fb12954cd9b06039dd005e10f9b249e30915615f0d459ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6721f187f6289ef7d6b64505cb3c012d

SHA1
96f81df75d77b7407cd23ffc6f2b7739acbe196c

SHA256
0466c9ad4f28975002bb2e0c8acf632a2f5fbe4120e42c6055586aa474f209ef

SHA512
3f83bddf506d7c6077aeb3a40c0dcaa4ac0edfe958f5568a9ccd3c5487699ee26ad4dd8fa4ab9b73b3fdf38ad74469f2742bff477e2194a42d1b088042fbec86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c9ed03c93b8062013d1c992f3ab0e051

SHA1
26e2d43c55eee4e6f66c26c3db840570dead50d8

SHA256
43e2ce3c4c100d399a5cd9dc812bf25f9a500a38240cfb1f970b570b8cd0363b

SHA512
30d97f2467be32e24ccdb7170fe2174823215e0322b86a0561eda7e9a05551386884b28735163e81174469be2146d484285972a19761e6134ba0d5f2bc478b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ff00c4eed8e46fcbb7be93eb428c64d

SHA1
6d1f35a0713f30a1588f7f16369863ffc5075410

SHA256
617f827376cca8b8d93038924c0da867e4472bd87c88e43eacf9230e0192a415

SHA512
954c3a04a8e2ec46cb5cdee039c90be4b00aae86249021b84b7349067ebbb41a491589fce163d495ebba74db9ad3c61a720ee4d69d6360ec329599dedf01c502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c45a50752e320843bb5f6e048dd07779

SHA1
b3d67740feb24250483817c8593c6814f1f0449e

SHA256
e0db60fbd3e63110e4bdb3b036ab6b0e3c3fc65a1ee31c18cdbc330174bcfede

SHA512
c9f549e628e538b85bcff33173d485e5c60a820abbd97ad8d178e2205e3cf0cadf47753f6c197e94b7b1327ef4c99efe93b03cf354a46827f0c4c88e048636e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b1f091b44a27b0027bd7bc9ce569223c

SHA1
06b529e0a81d91ff2956b860bab6f53826d353bb

SHA256
be7990fd577421e767864b91e60b093d884f795d583d54aec9c367ffd891d6b2

SHA512
38d55f0753b163f43363d1dbef439a99ca69264764643abb8d2ddb95edb86823c1fde8105e97bd10c5f97a326e1196a46969ae975b65e627237e3a10b7031f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
0ef367c7e64bc8de0560461d7469d5af

SHA1
f096a7ffd943b2891430ad1ad3511db69053cbdc

SHA256
0a28462e6f067231efcadf121f0efd2b8774c91d496d4d8786c7c63eb1fec519

SHA512
e81adb32e40494001fa7154db19611acd56bb5d5122920df97c4ebe8cea96afc03e30307f2c300739e4f7a38f828bdab730dde1c4ac7db5c0fb48d43f1e33a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
51d5cca3078c4f844b560255a6b06c58

SHA1
5b3ff640e07aee41573ab2249e83246753d29dce

SHA256
888bcad63ba6605c47d13e55d585179862866ddc1715f90f8f409b74ea53a728

SHA512
8958c6d7707e26c68226283d2c4c67a5718a89215aacdaf86c6a5121fbc8624f5ed8148affe1096f7b415b1df995fa31c7b826f4760ec80abb368cf4cfa255b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2920_PKTPHKROYRAVVWSD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit