hxxps://udhdh[.]site

Resubmissions

19-03-2024 14:19

240319-rnaawaeg3w 10

19-03-2024 14:16

240319-rk974adh65 10

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://udhdh.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

228 chrome.exe
228 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

228 chrome.exe
228 chrome.exe
228 chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 228 wrote to memory of 1984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1392	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1544	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 1544	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe
PID 228 wrote to memory of 3984	228	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8c659758,0x7ffc8c659768,0x7ffc8c659778
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1812,i,14089506336378132476,8368574490766255657,131072 /prefetch:2
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1812,i,14089506336378132476,8368574490766255657,131072 /prefetch:8
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1812,i,14089506336378132476,8368574490766255657,131072 /prefetch:8
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3224 --field-trial-handle=1812,i,14089506336378132476,8368574490766255657,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1812,i,14089506336378132476,8368574490766255657,131072 /prefetch:1
2⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3652 --field-trial-handle=1812,i,14089506336378132476,8368574490766255657,131072 /prefetch:1
2⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://udhdh.site
1⤵
PID:180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4040 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
1⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5720 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
1⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5064 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5972 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
1⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5056 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
1⤵
PID:3340

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4676 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
1⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5168 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5780 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
1⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5088 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6220 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:5748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ffc86262e98,0x7ffc86262ea4,0x7ffc86262eb0
2⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2220 --field-trial-handle=2228,i,12975902829349462181,8826572518032110944,262144 --variations-seed-version /prefetch:2
2⤵
PID:316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2280 --field-trial-handle=2228,i,12975902829349462181,8826572518032110944,262144 --variations-seed-version /prefetch:3
2⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2416 --field-trial-handle=2228,i,12975902829349462181,8826572518032110944,262144 --variations-seed-version /prefetch:8
2⤵
PID:4912

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\17427477-c718-41ab-9a27-5ee3887ca9c6.tmp
Filesize
986B

MD5
be61b49d2872b08bf346b51e2bacb919

SHA1
3deea39111d036ea05da94e856996144f6f20b60

SHA256
a6b17583ccff7b7a4078cd79e50676d5dd1870133b52b0dc35126cd6d0fd8e39

SHA512
c6dd588ec09a608c0b28a927e620db00bfe2276c4acc2cea7d51275ca787a8ffd3c717be109fcd0a3294c0289ce0660d7045248bec353677ec60187cbddbd941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
986B

MD5
f15e83320b805d9f7c8003f4a1e6a408

SHA1
7d7ea88f764bfa7f3db85655ab6a40eef2b58ee1

SHA256
9c4897856001c1fd5a2fbc39755c0b146617b5b175f8a818b191ac37e35883f9

SHA512
1f2c6da9736c7416233391339fab9fe3a6bab526c576b5e1042305a15165eafe06db14db41862acf46f35f8579db9b9f9a774452b3056a29b717e121a5cc1529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
7d95c22a35cde5b036e0d056d311e83c

SHA1
bf5336610b94e0df5adc8ced4f5e0e40b66b57be

SHA256
4f728cfa9c2e99c07e26733862f009657c7134d160a9d88db312e67eb959f6de

SHA512
eb16cf42e8a226c7fc7077c7d838508e782d7625fb2b57240fa61c70e4bf819371c50d0b461ccbd461532a4186fdfae3402ae9cac0dabdb7e6c054a6456036c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
75ca570f11a6f0cd293f7ab90765ab05

SHA1
88f9513754c94685c60d08d1dbb7f4efd62a4af6

SHA256
307c4cb943cbca80ad80182c63fe58d9be0d505a30944fbba9d376c2869adeb0

SHA512
45ab75a93474bf7172fa8b6a430139f10c0f08f124ea8df5166d46f17b17112bb3c7fcc8c608ab38f08ad625eeba9fec7ca936e4abb0f8929d8506e072c626a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
dc297bc916c7d4f3e584643fb1d04c03

SHA1
1ed6d75f0fbb3ebea131dfcb734d90e3d3c792af

SHA256
8cecde16deb2ecddc3943cfbbc9c129cddfb1143e25dfbd942f5afee8c83fff5

SHA512
60a91de2d9206db8bd6121ee8291df7dd10abffb75d179d6bcd62fee86cd93288a279f6ddd3f55563b9a1564d709c6fef4fc8ce41e781fd58a879bd3ceb3caf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
259KB

MD5
994b6b984a7f2a47f997fdde2bb4e35b

SHA1
ad7665b7d9e2c36e469093b18a835560dccc847f

SHA256
d12c0b357e4e505933d35d4d2c6d5e08ca22a05a0ae5a10e48bdef227d7e2e12

SHA512
b9473b2b8bc6d6da9b0644e1ed68100b5ce18f578031bf23e5ef65d6767ed4cb6044015418f55fa34f6eb15b0578ed8efb84977a131b8c42dd98117883cc1eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d0378699-6801-4703-9401-ca7de7cfa175.tmp
Filesize
259KB

MD5
e50829a85b97770dc734522e41f60735

SHA1
febd43d75ef8e0302c9202ea25b7d0a455201e04

SHA256
64b09a004f25dec8686a5b393ade9acfd290ea75ad8cc9292ee4224212653e9f

SHA512
e0d63b2fc6c0a60d98e29d2e9e50e8f88bf5cb63617612e9e8374a992fd8ea5e0442fbb33e66ed37005a47e81939047587ab6a489618bf7b90fc97e317b61592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
280B

MD5
c5e6c17a84c8762c1c785f1539a7aa58

SHA1
f9561957d96385f540b041dfd8bf8bae710e1012

SHA256
eeb4005df2b16cdeac2fc0febe0372889f8aea189394bd561e84ef9a67f81967

SHA512
b0abcf81d3004adc8e44f5414b3060b6f0e8d97df06f362a400267b746eb352c6249e8029603a60bfc0ff767509ba89a229e2e69b5a969c33f1a729c6f50eed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c00b76b-d22b-413d-96be-004faba50d6c.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
66KB

MD5
635d8cfa01837e25ea4f5316cf2bd09d

SHA1
230471c999f578db02c22e61554e7e4b4cc4f2a7

SHA256
5043aa921c9b66b865fe525a9cf23729ec1ca0f41d2accf034d2971ac5cb006e

SHA512
941f48efafbfe05c1977c3c7f1d4be7e0626fbc3665222e668ea9b3fc0bf2d70555375d6899cf90818406ae3368cab59168c29e124cc7f30d138373b1c472d6b

Download Submit
\??\pipe\crashpad_228_AWLBFEYYJARMMEYX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit