hxxps://noodlemagazine[.]com/watch/-106753438_456241919

Analysis

max time kernel
105s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 11:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://noodlemagazine.com/watch/-106753438_456241919

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549749660304133"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1656	chrome.exe
1656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: 33	5388	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5388	AUDIODG.EXE
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeCreatePagefilePrivilege	1656	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 4696	1656	chrome.exe	97
PID 1656 wrote to memory of 4696	1656	chrome.exe	97
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 2024	1656	chrome.exe	100
PID 1656 wrote to memory of 3780	1656	chrome.exe	101
PID 1656 wrote to memory of 3780	1656	chrome.exe	101
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102
PID 1656 wrote to memory of 4408	1656	chrome.exe	102

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://noodlemagazine.com/watch/-106753438_456241919
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6db69758,0x7ffe6db69768,0x7ffe6db69778
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5088 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5460 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5564 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6052 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6216 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6356 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6392 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6640 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6060 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=7028 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7188 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7424 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:8
  2⤵
  PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:8
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7420 --field-trial-handle=1720,i,18032984597787617904,15235305715998815580,131072 /prefetch:1
  2⤵
  PID:6508

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x294
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:6204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
641KB

MD5
bd3aaf2ef326ca46219406b0d7dd4d76

SHA1
43525d12f31b9cb35beabebb0d6566ed5474b5cb

SHA256
7ce866d605e873fbc251797e5f3e5f6a2defe94bc85125baccc4e6897d2f90c5

SHA512
76fffc9687feeda39fbfce0a97d25024cc18d081de50b7fab0007271c89de3dbd7a883065da4fd9802a97dc6c700170e9ab09f751783b9a01326aeede88e8161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
215434cea0876cc0053459f05ea74ebe

SHA1
1f6328503ca8a10b4aca283ce8b931b520d90497

SHA256
6239937a32520c5fb95ba097aaa7a281b3b220bf0cfe726fec818be27a58e478

SHA512
3687a298173b765cafddb1c30bb90be371b0468fa18172c9d96284bd59475dd171c7002df862467672083d759400682448d27b27ebe18251321e2956330475fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fadf3c5baebd2272fb3f2d48b5886127

SHA1
d8fa9f598efdecaa18b0e2c31e021ffe1830ac27

SHA256
b8a6ef1cded0332b4659c8394b8097c01154d10b5c247017b33a5a1030d3bb9b

SHA512
7db17fcfa23df0f7f634e37320bc202fc098c2ec383f864546abb3d10842d75492f82309b777ddf8597294134b23ad74593cb05a25acdfb93d3021344fc315b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5cc777df70f9511fee181cd3428b2a3d

SHA1
62abf815b9d08c9dde39108b1e49d9b8be70128a

SHA256
b2869adfaaf44839bacab8de2179a8b5cd6f60005818461f134b03d0a323b80c

SHA512
d4b4da8cafd53f1453944ea297f08f477d07845f2a802197f7f37e6722a1b65de9683380e9a268c3a7012c27e3055edd69c5d5533d90a103a9854be362861b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c8a833600aa48c486171694129caa504

SHA1
3296383c19e45539c81fc1babefe407a674ab27d

SHA256
2299e73eddd3159766fb6ce6d4849b2883d51934656e7ff927889b7e59fd8eb8

SHA512
d469c55bcf63b5308a9b96599668a758618c86b0c7ffa521d3c62c48d7ca484ffcad50c0659f0d78a228d5ee59b519d4fd5144820856f99c70ef24d7e7daeab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
11f7f59185a79ea9b8e726effae3b699

SHA1
4f64ff5805a80c911b85b01d80ead3ea8a19a44c

SHA256
553b9bab2e40e936e6e1a181d25ef297921d6ca11a65a925b3403dc21facb3d2

SHA512
e51a96399114309bb230fa8ea510c0ce8920faf742aa081414885092a885b9b6691252ab803c60022b195754e262caab0ec0109e586d8f65fc44e245bb6f0026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ac040deb20c51618fadd3cd25e72a2f4

SHA1
34c43bff88c8817401ceff5c52128c54908de1d1

SHA256
8c45f2c782770041333a3ed485debc4716d83721a4594c0ea09b8520649393db

SHA512
60edc4e99a9752dd86c8c7c829febc5d5845533c8e949525f8d2b3b97acd0a0ce05a4fdd8cabde750f162207a85dda4d1d2483980fac644d6374fb2bc09ad24f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
617ea3c53f94f4a53682d707f840988e

SHA1
ac0d8366e67eb907051ec241711168f2730d34d4

SHA256
743d8a869e66106fe98a3af8f5ae276f4a42f71756e62c9e3360bada5cd4eaed

SHA512
d31c1bba9d78fa9ad24dad826aa228a8e80ec0d6540e1ad3299d8f2cc6b95821ed1913831adb5d0f4b804466cad4bf93bac24fe8292a522340345268d9bb3460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
25a16abe757b3bf88e9bbd2475dac1d4

SHA1
fdab5f29cff60de6c91a94507b6889efde808552

SHA256
5e76be6a6548b2c78d19e385aed05523716a7f9d11449c3e874a3a4772239d64

SHA512
0dc4aec563af46f281b6163f225d93426e6c4e59d64d7e4fcf901c1d406bedd1bfd895889d252004451b6c3e8f4451498aaba60bc28939c920ee6928d35863e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5a54c0357682d9535e8c1887d5e05219

SHA1
371bd9b1a1ac4410606d8a8a69b45365f3cee1eb

SHA256
5699ed86647c2aeb2444b2fa53456cff3aa5ff3b7584fe0181134002fd87fd40

SHA512
165d05cca20efb9bc1f6a504522cfe91725172947a952b1661aef112523d2cd1375f1aa173d347f11e882a53ed11b833fe551f47853056b144abc1f99b00b06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5479baba9cc8e2402f9ec63a852624c9439a07b\index.txt

Filesize
124B

MD5
4969b4cd63fa473028a782064e39f5e5

SHA1
d697755d345b907d86a451fb970ea2fd10604f7d

SHA256
0c6d06fc1761b67cbe224618d3f0c9ac9b8e37bbc77f272dee2efa3f75ec7c36

SHA512
c49874738475f6448caedc4dd5b0c38ee4d6797964da731d6533cc8b633ea8da775313bc6c81d97dc3806eccd3d0027f52f3eaf5c4129119bd16ac1f8a57db09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e5479baba9cc8e2402f9ec63a852624c9439a07b\index.txt~RFe590d73.TMP

Filesize
131B

MD5
00e96f1a4d9f5ef9de332dc03b9327a4

SHA1
af85db59cf2afebe2f0a5259598f7eb7650defe9

SHA256
673727942e0b1a723605f7cb6f9ccb0fa1ae6b0209492e8cbe1726a0edcf983e

SHA512
e867a6776e4e742932649a4beaa66ca2ea9065efeab668aa67f4c04320f3551783f23f183cfc1e91684cdef369ee9fe186996186bb1eb590aa419ed98311eccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
15c48535f134e6e919d6f90588a10f5e

SHA1
c6e7af8b797603ded4d33f033f429c6c921514b5

SHA256
27c0167d95f40746f92a0545197dd47e6c725173e11651139feca85116fa15a0

SHA512
91aa9b51d2b549426625d62aa19914f2d2026f869f8c44c396eb25dbab11decc1acec14410dfbd15d363683aa80b56dd95976765b8690d298c0165963cde32ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590d06.TMP

Filesize
48B

MD5
226cbaf4372a4366b696ef89dfbe2c5f

SHA1
66b6b9f429a85aca337f327cbf73f0703a8db9f4

SHA256
19eb484e464fb43ced8e9e69723c7ce6d457641d92d637bcdab57ebf60d83991

SHA512
704ac3e6411e51b5acf83704bd21c8fe086de56cc9ce73df8690bf5f39ab703c095c3707d4245e0e3d4018606ff2f8b8bfafe31d02e338ed05a9bc64ea14fcc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
62d1ed35857bbe0b95e2e4a53f4d5001

SHA1
4d5ef2ba803198ac436d89113584edccd62d8941

SHA256
07c24b993820a3734150c2378ea6c9a2161462ac1837cc048f6cebde0453774b

SHA512
0dbafcc493712f1c0d49b11ed7290034db81e3599cebf51dc5366e49ecbfccaf50f644208107766812ef9151ed8fd7ed8bff5be7fcf87f9bc2690b927cd66bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit