hxxps://kvicklyodder[.]com/

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kvicklyodder.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133558485247521752"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe
Token: SeShutdownPrivilege	472	chrome.exe
Token: SeCreatePagefilePrivilege	472	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe
472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 472 wrote to memory of 2328	472	chrome.exe	93
PID 472 wrote to memory of 2328	472	chrome.exe	93
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 3260	472	chrome.exe	96
PID 472 wrote to memory of 5080	472	chrome.exe	97
PID 472 wrote to memory of 5080	472	chrome.exe	97
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98
PID 472 wrote to memory of 4528	472	chrome.exe	98

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kvicklyodder.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa062e9758,0x7ffa062e9768,0x7ffa062e9778
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3096 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4584 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5208 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3328 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4568 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5964 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2528 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5204 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 --field-trial-handle=1904,i,7599667659050938749,17988123427684040422,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2256,i,16750283575152780128,2524258836761969159,262144 --variations-seed-version /prefetch:8
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
197KB

MD5
5e28e72b443ded036a4cf369d0dda3bf

SHA1
0500de4480a54243b12d096745c6ba04c9479e66

SHA256
15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

SHA512
7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b9903dc252d5e259e48986cd70a0021d

SHA1
f1830c776501264c6ed1fde005af32b12cfb126e

SHA256
dc291acdb59082628a545f67f08082004b11290392e43e100e46f32617a1260f

SHA512
efbb69f0603b3f490e6c32281a198ca202ae27d332ade16bc69e0e301bdf9d3452023c1d04d77eb6e1d5f77ab91d9d344de3bf1f529b6f886406a57264b04d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
74f57ae2651b3490b05a9aef53a64744

SHA1
bbbfd285a0cad9bc5097c1958fbfc493357c9a34

SHA256
3638c6db8610d6ed4e60ae536af7feb10d1cf68e6b51cef5b98e9216aa925145

SHA512
49469145fa74b7ed7786656b8b680f03c49fca13ebbe97f69607ffff50dd0998d8e92f21e2cab9b58256dff2eadba1e095eb89c88ebd7c4e8549a72cac5a3b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c053c0cd856495304d3b9621d606de25

SHA1
51167b8a6642c53078921a7cd4404e588476fdac

SHA256
e2ed8394e4a116ab63e18e8622a486ff3f34de14a8a21f53b1740270d2458c75

SHA512
d130664028395f0733f52708912345e2d3cae803edd4fcb46a221064211efb7e3e45354e26e5afaaa52dd6a33b33ca88b8b313741647a467e7c02d3bdd2dc96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b34c2dc6d382d95c7d11d7b519499b15

SHA1
cb9812f2e13b8bb50f824eb0bbd97f51c3667050

SHA256
50773ba487a7cf4ff9ec2e7f65706fe3b4f290c05f16ce5d36bd2204317ef198

SHA512
e6abbdfce8894a0a908f96026ce17a1f7dcef43dc9143240d41fb2708f3d0c21d2b14df63814b5f7c1b47eb13945b445f6062dc4aa11867d90facf4c7d9f0fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dfa398974d623f5fde51d649743d8085

SHA1
44c48f9e83df9e992611356bd5f5e7da1ab53149

SHA256
e895e6baf59eb11e176a267f6d8feae798054288c9900fcd78d98e3e460daeef

SHA512
60256bc0bfa0ca035310ca2f475b88ff7f3a6c6f5e55e225d8d36b0628e564e257d1960921d8d518535d904991f93dbbdfdb39dfc2cff7758999b80c89b48036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9b66edf7d80b594101e1c67b199e3ff

SHA1
23b952f001748a752d2b1b95d18bb007bbda26c7

SHA256
15199fcd9be53b7482960d30bc9bea1f189b3c389d5db39bbf537d1d063bac65

SHA512
0e822d979a393264615d84214d22794a6171da46a82a4a509b76df868af92e798201400bb5b27394a6b784b447f1acfb54ccf63717b6b6e9fa31ed5c279dd05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b95209384a9e53e8bb8444594d57c950

SHA1
3dfbea8ef3c317c669e01d05dc42a43381999ed0

SHA256
61a10216e281766a6b50f8dbdcd9b356a55b08cadfdd98f4b6416db694689663

SHA512
bbadfbaa5b1d01c975e4d50245c2a22e9d1154b92dfc128360725aa67e1d38803fd41606e06bd12ebf56fd75e6d2e435df3a1dfbef7ed6995dccfeb009c6d77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
869199c2d30718477699301ba48f3b5f

SHA1
e1032134c4ee95d704f05ae513288e7b920c64d1

SHA256
b8d6d704ec2d620df8d86fd62230846f1791a8376282ca5c82b34b9edb6f116c

SHA512
d78f786a20fce06dea36fe3c39e5076bc96a2b357afde9213f739059d4e218f81b1c244f279890be944c7e4ed2d646e5d6b75a71da4873f7a04ae8503b3a75f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
84bb496902b2934ef333f9dbb591f428

SHA1
25a651cfb1f4b3f479f4eba4f1ba90bb7e0db987

SHA256
6aa696f234caf7c91cd94badea566a6ffa29f32f5a1a93437ad27abe05d27534

SHA512
eec9c8ab5098b500522a220b30df22af47331daaadd7a4b1fc5b2ea487117bb29e063ceef564af00e1c93903bd4de0bfbe549ff4d4c1cebd9505b1cdbcd4f646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35c1e96298b9371a1105f849803a5956

SHA1
be7068f0b03bb00b25f2dabe64f32f77b757301b

SHA256
14ff89af5cb157fb0c554c76e074404d32c29d64b9d72af2586fb49a0f5de4c6

SHA512
5aad2ecf03a46e07b58e9e0a533d48402dbcd1d02c7f50867329ee4a340a3e7646660b72098242be008939144a5106ee58b5f4eb3276eba66e61a42f615f25c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586608.TMP

Filesize
48B

MD5
a49c212e87b5214bd5897dba1787ed4b

SHA1
5eea1a829c2d107a3ed99e0e6c325e443aba8bde

SHA256
e848d2e82befbf197d91d3e3c698a742abae9d6e216f388e75f3c799a46dea00

SHA512
0dd7e386eb0a5826680a1f2c1c051e3d1e33c46853c9f1fe9fcac3ac84c4cb1b6b607f36e9d77c505b6c2a568073cb51b376c4dc48532d91e8b7b8a1b4ef03a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
2b8061a72db5205dd0706dccc5c0f856

SHA1
6b12ba98673303ea0cf57a33f2e88ff52efaf758

SHA256
0f12e506d8f9890832600308022dfb0cb1f979371f8e1483f0353a9cebf29e72

SHA512
92210fc5eb7ea02b99d4d47e837340d52c7d681574e085f83124513de8376a8255342d8f1ac8837f9ac097fdaeae90c2c1c9ae582dedee79d5c224d5ec923c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
848428935e1428d4515afdbe786c3ba6

SHA1
9e5475308231288c26cb95c4859ed2c7a1185223

SHA256
b343259870ab53425ad3cc36cf75c1be0062376408e7a65dab7a615d8dacecd5

SHA512
f03ee2d6d66f220c174de8c4f09ce65778aba1741290b24be0e67946c3213c57f73f5937efa7437bd245c8da3331bf9a64b842ecacc2f4f0d7075977ed45ca72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
30c772f2b278a712f44a7092e44f2884

SHA1
5a9035eba20da3df40bf277d72ee7c0e729e3473

SHA256
38eb1e817aae9325c75deb3325a47561fcabcbb5cf8bb49bb694e62a886b9d7b

SHA512
df6ba44d8d5a73aa870580235f8cadb160d2b150ab2d5079b12eb19937f494c0e3ae504bf42e74e95b65111ae2a3147f9fa5c98a2aac5eaf50226b9086540ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
855d2b994546b3dcdabcb033778a1131

SHA1
7ec8264423c3c121e815dda558a8c58026887bec

SHA256
bd2240312826d2a70b6338196a55460aa0090f663f954ff74ebeb4e92bcfd7f7

SHA512
9d23fc9476be2383dba32faaefdb7ed02fd5de685842c71daa0443431bbed4930969a88d4167fe4d9896c5e9b08e5ae238426070cdb87c2ff9be4cebf1352efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
e0f35ac2c03ad3330332812473610fb2

SHA1
20ce17e6d204e102c628cbe4e04c5a2dcbe667a4

SHA256
e6e6c1613f14444163ea68e101a4ca192e9afb73907f2718d3369d55fce62bf2

SHA512
635898bd69e0b7cd4349772d9d0bc986a1e964c786fce2a7a3cb0b4e776bf7dd4763a5843c989196d33ab7a686fe189c3bd638d3f4eac3db5fbe027c35ca00df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit