hxxps://gamingbeasts[.]com/grand-theft-auto-6-download/

Resubmissions

25/02/2024, 00:12

240225-ahc15shg6v 1

25/02/2024, 00:08

240225-aferyshg4v 1

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamingbeasts.com/grand-theft-auto-6-download/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532933647609757"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
500	chrome.exe
500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 1088	3712	chrome.exe	47
PID 3712 wrote to memory of 1088	3712	chrome.exe	47
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 3732	3712	chrome.exe	88
PID 3712 wrote to memory of 2072	3712	chrome.exe	89
PID 3712 wrote to memory of 2072	3712	chrome.exe	89
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90
PID 3712 wrote to memory of 2000	3712	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gamingbeasts.com/grand-theft-auto-6-download/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xbc,0x108,0x7ff964d49758,0x7ff964d49768,0x7ff964d49778
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:2
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5040 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5220 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5608 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5952 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5140 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5664 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6080 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5188 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 --field-trial-handle=1920,i,6285846039948357456,16650197874088956800,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b2683602b1751a0ad71114e200e58669

SHA1
cefff73b9be5e074be7f8f2afffc7d68edb7f9a8

SHA256
a35e246d571524645565eb904442501318754e6cf6a8e8ad6e563f4b33cebb56

SHA512
4778e295f6b49034cac07804c9c5fb95bba794050bab8daaa3c242d838e1d1400224327a56228b05d3226542a6dfa65e8af4a6b1b9ad7bc2973d8bdbe61b5d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
cd1f8a594ff6585afbeabb240aa9ffef

SHA1
dff588049f46ff547fb5b4e2d36a4f45eb4de859

SHA256
44d2058e5c51b92537e06ed3bdd4bdca3c2e5d6f03cef0984d51be92dc8708e0

SHA512
52313da571efe411d6700feeb1b372ce384930d70ca2e15b474ae9971758a7751a7a1068f7d70567798bc497b1d9c33b90e8797557587e41436926b26d0c5497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
4fddd33d402cbaed42eb0a6824e85f8a

SHA1
e2c505c9b4a0e70892e6174216fc7a292d054abf

SHA256
c426445a38ab246e7228a5c1a808fb8cadc4d1855c1c86f0c0f80d9db291c672

SHA512
5833e7fb39c7238b4ac200063a6cb47a9088ed2c232612c56ecef4b14026dd470bda093f640d81cf52235a13c5e856fda6daddf46680e766a152d97233b3d55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6524440bface956c5ed7198092de9382

SHA1
d717e1341e21d7bd488a94566896a54e21874016

SHA256
4aadeac2ea95bf97c905116b6bba644f0ed89ecc4784e657a00c6535c239b00f

SHA512
dc47e75469cb254ba29d383f1019bd7b7ba363cdb496cdad3ab4fcb7a346e1661702fe724080aba55dd64d4eb0e26c64690bf8408edd661d438d7e27ba6093b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7d397460cc61cc2563f5267ae18b3f19

SHA1
f23893823fcbccc518d5fc1746a0cf40b6bb2021

SHA256
4547b4dc99b7b9dbd91f4736f4469b10928a16bfa9483ff7dbe88a0949e08100

SHA512
fb45c2c74af41697c4c25fd74dd073b33a655b954b4d5a35a5ac7107be5dc7bbf259d5b74132c5fbbf63103de2b9e96f46e197399005e21c699fabafce160df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5a89768b013ca63fa1f7b201deca3407

SHA1
4a5e0ec724d9b44872fdfbdd85957ed54d750fb2

SHA256
e83deff753fb065f8303995ff780a983e738b82221199dae7487323dc2980aa6

SHA512
434332f61ab3d368dcab5b6043f0d7acff2923a9a5768ac367f8b33457ab74bf495b2374d89045fd721b1f27d0f75d9b27c9d8895a31bd33bf19ea876dde222e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2ebbe0921c0885d20ff5f2da186452a

SHA1
6a5e1cf03ce98303e482a403917f5e04ddb0627a

SHA256
43f94f01b5e65bb05626aa62bc17b54063cefa695b05143187c0c220e7493a23

SHA512
0f6b6709a97869d7aadfa709feda8bba90ce1273f830b24687f3f5db713c1560fd168bee1e6c56588fda6e40a44d8d53cc7f8a3090713bb858097daaa2a55d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f063184467e6e0b020eab5496f54b1c

SHA1
f99e9b41baedeb7e0c96f5511acf9d59d6b86f24

SHA256
aaeac6bbcc1204dabcd6000ce18d404917c4115cd8b7b3bdea7769bf85018ee8

SHA512
41eaa2cc698ad4339e4b0c23ac92bfdb132fc9bafd56335b763d0ab77bff4e24c22002ddffdcd1771ddd8e88da21380a290c45fa5bc4e5d37bac7a6512df5a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6dba309b3fbab80bc7062c7a0a48623d

SHA1
ec7ed287c5229f1e359d015bf2efa9b03d6073c7

SHA256
1136844d138742e764d35f0295c89e3359e8cbc3839596dd6eb1c9ec6871756a

SHA512
8aada1b08555615300236965a59e7178fa9b77deff51f05ee5bc8df9f173eeb5db4c54db44d933a6c8236270b66d5ef6d2f562cc93264d8427f80833f2414098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c0c77d7cf687b281375ff9475e42825d

SHA1
59e952824927fa4bdcbf5a946148b208fd2929e8

SHA256
bf6c6844808dd21adaa4b06cfde7d1296df1a3ac1c812e47bdedcb119792189b

SHA512
44f6ab46bdd7d3f96d8e65acfa5f90bd12ae14bb48f038ccbf66c54f5e7d7f34461230695f4633a6e1cf6b52cb4b7bc7b98538c8e345fe69f5cb5de296496141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ca12e6cf3fa796362cc69282d0e7f8ec

SHA1
33a0210f571f717666e00c20aea0c61b190d8c38

SHA256
5866438b10438364999007d374b483b6be82d5a4423e93a314c50ee828c144e9

SHA512
92b3cb9bc8a1c4f0c365431c360012ff38ea52f56bb7b650561af713cdee9a9e343557726e6b07d555241f5db7dd914205e37b0921800a526bec6976ca388071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
19f2e986cd96ab5071a816fa072e3c74

SHA1
26b82f7b29444aa359d9c05ee77b39f40caf76ea

SHA256
df4733314e1d1467387bbb2eab656a1bd7b4e6dc3f2d5ab760c17aee7e628229

SHA512
cb6cca93646a29515e552c4983264d6f8eb7caa044b63b4534ea03e1d4b044740578fc5013e0e675146234a367663a1e7b5069d40da341049c64e1bf6fd25ca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
18700773159d55983a03c36519a1ce7d

SHA1
690440999d5a100c9fc66af099e616a928407552

SHA256
087b48052d510c08977bb029e6fefbd81b82451f0dd596870f57efd9f0c3121b

SHA512
e025a2d1ceeb3f80494556ef584cbf10f0a5ac11f8b03913ec264aa98d0a15f682bf8ed08fe58396851c0f85fdb730dd174736afa7230fc908b6355b64c2394b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
29b17f44d073324862ef39e54ea38c72

SHA1
676977a910405951b9b2c0b6d2f93fa271a96b81

SHA256
aff8651c90401dcaab749e095b52aad15b7519604a65ccacfa9dc8ff749ff5b2

SHA512
6872cc8576e8b576f824ad96a4b3aea951dd1b40551885cfafed2b560b28cd578635bcfb345a9fd1fc1c57277f4c5714db95ecfc98a7d243e2b1bb659c2a516e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583c39.TMP

Filesize
48B

MD5
cc6c31995e6488eb17d60d260bfc49ee

SHA1
168094ef03046e2d4df73b2f9dbe91d2206033db

SHA256
6cd623f01092cbf7e2b82a6eacca01b3e1aff6ce407abac840be8683daf08e98

SHA512
43b1eb77a6c66ee07151efc220deb3f5eef4ac31c49cf334cadce57a9e36d6bd844da1a8e95ec3d260d401d2fea37a95dbdae1158d2b53ff39416e56b04816d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
cf197f93df22b909d04a9ae25b2db655

SHA1
52819942134dad779b36ecb5bf9fe66f168b2c96

SHA256
1b5b002f0b1fee565fb9cb9e269e72e4d52aa787443093e88cac680964af3765

SHA512
6f873ad7792f1312454f2b2ffc066aad61531f7f30dac26f86d0f3b983c24b83dd365dc365fc8996b33e39bc1022059e8918e78a9c9fe8446c98f796be4738ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
3d4394b5b8b89d7210028f82f8296d81

SHA1
27ea3cc0577b8c28d29f64bfa5e5c2832d2fa241

SHA256
59094e18284f1bfe3eccc1638772dc2935b4966a6902785149da3624593a7829

SHA512
01ada44d8fc6c24598b1a80ac081a11ece69266109ddfb25ee281165ed65f6de02b8b6ac086e200acdda07469292a11ffd829bbeee12db4f427c8c14c013effc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
5c434e89fcaf5acf64b04edb1a9cd8fb

SHA1
c705c59349fd85441c7f42715be6efd8492cf319

SHA256
908b1d0be667023b56ab3f1d687cdfe78b0afc41954f2b64dd47fd188a534876

SHA512
95be246672f822580739d149d24dc4476d93ddb2ee9fb97841847924ff309551a15dee678ed7c739306b7df33301f7c351c9073f43c080b1a2c8d1cc7d89ffb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
e6377c61681389edc692822d782ae1e5

SHA1
8b57638f1de1bb6befa867c8e06fa380346df8a2

SHA256
3199f60e5062d688cf87fea1caeaf9f964be923e8257fabe648405a6e39b46f1

SHA512
e8083e1891d8464f2ab472e6adcdce418cc7370bde085bd2dfcc609b6a6f6e72edbe66929abf21b7219725bee9cfb219d4e35bd1ecd3c983d86a8b27a55154fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
4c411eb34e1a268ff5052f77ff9e5271

SHA1
062a05b139e4c8548a5a74fcd1743f5d961131f3

SHA256
5ab9c6ca5e6b4361d48a245222247faf9c74ce673ca72c7153823fff18afeba4

SHA512
342021cbbd4ba91e31748eb488e378f1128da8e0b7399b388da3234d4a6172e2c66d70331a2bda2f6270d1a75ee881f89b478891f28faf036386fe280738397c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
e77a712ea26e541422a549816cba98c4

SHA1
b10545295d845a3ea2565fbbb0730aeaba7923c7

SHA256
329c4d538156f01f1a45ee337d49cd73bd3ec5664827b9cb9c957d1e1e23223e

SHA512
4570044e25437dbb1ecd766d85f92d6e10de2d8b6c3b447d7c887cf73de8603d5e477c542788a71e61ffb216fbf1b3b308730480038fe40cdd5a1efbf2f8acc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5806b2.TMP

Filesize
98KB

MD5
c8e187769e3c04370174678507529ca4

SHA1
65f73ca97434a213c8cc8d89c13378b2e2f53827

SHA256
38b70dd093151e0bbb5445b4851a8a682ef491726126d0fea397a1940c6d70cf

SHA512
17c98b20da1646c52d62c276cfc8b92d27693293781203ec24777f38ab94dbd56703ac4753830748967459013f7ff757fb0db2755a2060f5abb70c233b6b9938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit