hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/RVquCRoYpsvjP2ZvT9zyR_?domain=dropbox[.]com

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/RVquCRoYpsvjP2ZvT9zyR_?domain=dropbox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133558572994558401"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{9BDCFD3D-C54E-477A-8EC7-EAF5380B2DC8}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2484	1236	chrome.exe	88
PID 1236 wrote to memory of 2484	1236	chrome.exe	88
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 2632	1236	chrome.exe	90
PID 1236 wrote to memory of 4932	1236	chrome.exe	91
PID 1236 wrote to memory of 4932	1236	chrome.exe	91
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92
PID 1236 wrote to memory of 716	1236	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/RVquCRoYpsvjP2ZvT9zyR_?domain=dropbox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff245d9758,0x7fff245d9768,0x7fff245d9778
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4972 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4672 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3120 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5376 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6128 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4908 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6016 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3868 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5480 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 --field-trial-handle=1860,i,745906702502545656,5874922579177188354,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
42KB

MD5
93b6f18ec99bcb7c3fa7ea570a75e240

SHA1
60b9e3062fe532cbc18b897fac542c56a03544c7

SHA256
43693f7bdd6146e783fab3f75ba0a51aa3cf9530adbf790dbd686fc8a17aa3db

SHA512
ac1a9398b74eb75ac4d52b9a9054a1add5a836f2572b99307851a0bb6d93288a13199e06e5df4f1391209403bf775c9235a679bd081ca7f62b7752ed0fa691c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
197KB

MD5
5e28e72b443ded036a4cf369d0dda3bf

SHA1
0500de4480a54243b12d096745c6ba04c9479e66

SHA256
15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

SHA512
7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
df71c4c32602fc9133bf9831b7a0d3d8

SHA1
ce9d10db8ebb139a46edb00022a421659f99cdcb

SHA256
f6c2409ea0904a0e2b2133ab967323d18707c6f36b3aa180bdabec5ade072215

SHA512
12eee1cc68855e8f757f88f0965b94af803ab995d3a0577cf7750ab700d0261e6d599be3ffd7cadc3bdfeb7536c37d07b358946e1d526049e00b6b1ed9bbac24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\62f1b107-09f3-4c41-bd5c-c174377fa535.tmp

Filesize
3KB

MD5
e465cbdf5680bacb7be34a4a2e08efc8

SHA1
93744547f64088fa9cf588b73573df08721e58e5

SHA256
cae2ba01e82145fc91d560513e818b2e076123b9b03c5d07f6b541621d3fdd94

SHA512
ebcdd8f1a9edaf1f63ba136759ddb7bd2080a15d0a7285fc26bc9a373349b7c712f1dfbf40233ab257b63efe32086902ba3a31aaf06453a4154526d43b520d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
932d06c5a7f59b479d03a8d378227a48

SHA1
5c8ba92d94c19455e50a52adbb28006b93bb61c4

SHA256
c3c004173ad948bd162886dcd347dd521abd66d5fd87ed71afc7dddfc8c88ade

SHA512
0a79f7d54c1107d5933dd0a7cfc6f0614b3302327e6a4fb6d9f3c43ccba71d91f4471541821cde0e0dc090e6b6cae6979fb20c1b5d7813bf6769e3ccc9f569a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f45c94be7d4d1950f3dc0bb311068b88

SHA1
ecb9bc81efbc899f34088e681c00b6920b858582

SHA256
52e45f2a5e1a2ea9ac2c2dec0b66bd892e09f175502cee8f5fbbdcfa63f61899

SHA512
9499c92c10991e0407e3b5e30f5dfca28ae5949254e0edd42609fa196452b761d315eadbbb1ad1c6acc1ffb419bd2493f87ae061184b91f80ec25ad7046c4178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
396c801f40d61969e383ca51d8a64dfa

SHA1
06b94b466c4c0d08c9a8cd3812ccaae8205d0ea3

SHA256
2377368a3601314160d664d8e8b7b615317461cf42ae6bf2be8102452c5e1e02

SHA512
93e3fee16dcdf682b75d8a4c722e02428b507346b7ee862bb7715cf7bfabab66da5082bb6ed2f0b2de3f9927896fb29f1ddd8fdadb4dd0c0089ff6ed1a5bfd62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7c2dd512c4606b8eace31335b0c28db7

SHA1
d560b749adebe5b1793d52cf128eab32cfb10e26

SHA256
58211343debb153dd3e893254287f53b69b2cd2810a8ae6fed45e8355cc26cef

SHA512
4f70a87bf45ef19f70d7f6f5de076075f7814d45cecee244aa74b13134ac64e1efaec2943afb4f83586caa32f69a2973d3e256a9dc39e4c3cfa5e986fd2ec2b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
871ba4f35667b2b6e5a3ae71d58fe35e

SHA1
53ab7cfa6b50b8f1d978ccc1ea155db6a8d5446b

SHA256
4bbee7f442a641812902859bc7e695bed3f20dce476f327f5f4225e9fb4bff00

SHA512
05f620af6c1f43a30b7d26f8fa01fb2315a0a3f698408169711344fb84674c35fb451b50d22ad8d7020c7f77eb4bb2fda9151b647d8f097ba1fb5fa0f72d9841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a11f35c398e6921050b622424114d45

SHA1
d3cfb524c8df4ea805785e666a8819ab3d7b27b9

SHA256
4dc528d0e829bf22f7a18bc1f923192a45daa38eb0046921a9dd564ca3c1fdf7

SHA512
962d03a6bcf13f5334ebdb9e0e1342290133f61953961862bff0ecb33e92fef0dd9ca7030c83d5a4fb22d24cbfadd4469a9cbe4c580d073923156cbed39abc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f66bb0e4fea0c328d5d9145168e9dd8

SHA1
72d468447ee246728dde6b98965a6137ba0d17f4

SHA256
2fe92f5b3c97c9923d5f0b2510990487e7d97df2c943d87b0349f5c27a48286a

SHA512
f0650cfaf98887d61b88ed287ba11b41ccceeb5c295e63037b0c185d87658984eee8e5ec2cbec481af0b5680ce4fc7096035d9dd90cd5401acae3aa3eebbce64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
116bcb9121aeec058cd9ba8bf123b86e

SHA1
eacea4e2057e63d3f3ad4b1505702173691c6bf9

SHA256
03c6ca4fe95d0fb7bb73548db8adde88d43ce1d2033a4e16396e95a8b6d85c6c

SHA512
4c5ce7204fa35e3b605551a82e32ce3a504f81c613dd1890a668db7f77465bd5e6201f51391c3d5a10b541297c04ed99af4417e173774a1b5d90837458ac95a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ffcd7cc5997f8a56affeeadc5082e86e

SHA1
1a4fb908309c50d8b36f9a1e8ed039eee9153611

SHA256
a8b1ba4cae35ac923b86109743229ba37eaa6aaa234d6be86b12b859745e0916

SHA512
00bdb22d779bbb2e100673d6925baf9eef84b46ef100eca803a9b38da433f68ffa0c3fac5250423681e376bc608552d6a95fc394715d9158259f30fa39cd56f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fe736fb7542480f8f191ce5dc0b5b1f9

SHA1
a76e7424120a57231014b8b3a6f5b5da5a4b792f

SHA256
773b06c47bda6330ae0223c7f37ffd75e87b68f497f9c1b86af9a023a92761f9

SHA512
821359d531c8d2638a56029ab108a491f50b120365b030a57f3e7d67f4dd84bed6c56df465890923fd903cf32b1ef919a5e546ac1f423a291cccd314adb4c310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f73dc422bf7875a0273b8a680d60a85b

SHA1
317c196ae62e3ec93b6f7a4826fa039f8253a0fd

SHA256
5958d4be807e858bff26dd15aefdfbed44b099ef829108314d9b38b16108fa7c

SHA512
a5ce5d8d457ec4333ac4eb2c6ae9596f2ac7f5fe56d44b6155431a20ec5e373bc2f1071051b39409407edf41a0fe2135d495fd157523f4e62216135475b8125d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
37e3346ff896c6bd3a07b940c34e8151

SHA1
448f29f9a2a5e292cc89565d5676b0037f2fd924

SHA256
0a70cea9970d63d337b37d33a8d25b89a04007c9f01bc94e891170b6aff09e54

SHA512
5c3c04007fddc69942fe21ba9e9abe3f8dafb380f4381969e4c003ee4ced340918ab0749a3d34ac83aa5d4a2a615d146c62d096e20f72a936866b07fc9eae5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
de27e65e568d6f36a7bddc2cef916491

SHA1
1d1f261fa0317d6d57e27bd5493c90be04b0350c

SHA256
cc5a4e334e0cc049689248722cf6741200a42436492b0eb92717306c5934f6a3

SHA512
95357c5f75068f5120ce85d3b2886f874dfc6a8d2aef02766f633b1317b55f055b55634504c56f8821938c072e3637bb67cd9b67a2d548fa325ba5e27345991b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
549cdb02a8bab95c7da60a0fe19e663b

SHA1
8c7f056db7babc8f832dc1df8d35805d9dd1170e

SHA256
4c54f52ced91089657c7f0f54beb4f7432472939ce76cbc15c22ca014600cb5b

SHA512
76c96ed1aba2a633f03b9db31e7adfe5dbfb6759fed7b008b511d0a211252eb9cd871d198f3eb51dd1ac487530c797b4c36221ca5c1c76e2fa0e82dcb7da082c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
465c8e3703a419e7752e00a4ea119981

SHA1
a247550c02dc2c92b83c6d66553ae9a45a438cfa

SHA256
af6702ce89b0178cbf02d406af3409f4f22d8d3be2562acac14578e8ad3d9a59

SHA512
6c65ea13c8bddad05da0ac832624cbef9f23c4ee2b592710188a2596d8fa20900656db2f3daed084470a225690637885a92e384c3f4efd22080cc974f14d988b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
5b6bbb63401a5f75754ca99105c0d32b

SHA1
5a1d4a611dcc4b44eb05ab781337eed8952abaaa

SHA256
fd11464459668c8b361ee0faa7abe29bb7bb57dc8100fb1182089825f17b527a

SHA512
113fa4f489a2fbd7fe4c584375d2eb2f475f1a522398b41ce60e69866d52ce298ed9c36c91b9ccb563846e8346ff0b4489ada3d92df34627d24eb0213322481b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f5ae00a61cb3d22a8440ab8894f3a024

SHA1
c6d9423695f24c860343b4c81e431d930599263a

SHA256
e208b04095dd1bf634dead1be20eee3b4f385169068d6c14d65360e35fb17bfd

SHA512
601341e7d7045ead200e94f70c9d7f256cb298e06106bf9cdc73176adf0ffd0105d6dc0f6eb473f188893bf53c4d2d97d6f30ebff8179d6743cca209a6ecf3fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e02d031dffce639b8602fdda4b1591c6

SHA1
0ecad005138f6299812f9ce8621d0dd00996c7af

SHA256
1b0149eebd1424ac1cb7054eb998d985202a400d2a6c129bd115783c747644d6

SHA512
cd42233dff9267283e0a25319740df9464b3faa46ecdf070e2f6da982e010cae78aa533707b34d6789c009543226bd4d7d95f4654484ca842981a19889c175a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c5e02465d46a27ec664e5750a820c25d

SHA1
4a0ab155e1ef6a0b5c88b083c590e3f6729e5fd4

SHA256
c5f8c70db2e996796d2c4bcd96070ad94a6b3aee72ed454514ab6ecc836e36d4

SHA512
609ade7cf0d9e13de0ab2f7a6b851b2394aefbf8ed8e96b013a1a09c09ea74b407ec6648699cffeb0ab9fcee3314d165d448a0f33830c427b8aa1268a724c7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6c7c8d5bfa0ff28ac149f0e45affeabc

SHA1
bccf3811e30aa2ae1b75103420ed2db4d17da742

SHA256
ab767f452b025a802800a787398203ca62426db796409204c3487e34c13f3e78

SHA512
4cbf3c04a06944e37508cc257b42173c966c3a4b58f6b2cd1522750b663cdab6f01caec95801d9e08c0cdd5e3aa30a789e9603d7c329f960a9de28e1d7a43e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
30bddf2a328eb95726c85cb460d16ed3

SHA1
a8fe42008246d662d504a2d64820df2f8fc37509

SHA256
2b6368bcf89a3d122eb24d1fff243596ae476645e5aa978227ead6bd0c2e57bf

SHA512
fe182869384bafbaa36afeb7c1e807f528f2688d1930f7785a25a5e1edf9c224fe3d78d4db9c735d607188a0a7a1a19bfd8eea8544fe3bdaa35d68e4c7906b04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
acc7097e1916232fc65d32c2940a6963

SHA1
78fdfa1297f02e6032c5a54f8af186bd0a24472f

SHA256
6951131d869b1366190e646b6612f2c0ef17ccb37562a9fc1dc46bbb4ef7caeb

SHA512
e1737a8cf0e9d6b85202962860a7522c96f77867ab625995f39848a7fac9dceb0cf940749b516b75e90dcc7537643745f0349bcf4d1e93f9dea60edc9d6f29c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
600ee212cbf85f1fb149704c31369bd1

SHA1
32cae58969087e8578e080c5f7b5de6715cfc4a0

SHA256
24f53891e88a7e605929b31b6fda57fcdc430c442b6da39ea066f496a46c3b57

SHA512
fba0acb2703698a386de061da8336881d93dcdc8f9267a4485d580d000083201af954232c444cf1e9d5350372ab5e23d38f381aaa63ac37e3bd3e77ec8b6ec16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
406ccf6bd31a1681352960525fb67ba3

SHA1
0107deb34978b6bb72ef766aee70791f2831a285

SHA256
b76a960ea8c7c103f1b7c19957253971d6db549e8802838cab6d720577dea612

SHA512
9f65b9f1e9e9ad329f43225f0dae578f050b98a10d3a6a010b0da6aee3bdf5a52a1fa0a7b579f9d6d3e6fc8bb9d2ad41de047f8ec45c3661b60c41d33bb80a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d3222ff74e5d22cdd9b88de0345b456

SHA1
64a4a5b9018b029c355bb85fe32e5c3fc4e1898d

SHA256
96734243827c9d1b81526e64eccb7ee36ebb9b9af4287f4ad45c968fc2acecbf

SHA512
191678e7b855409e4674c429cf3c7f38a9c41865226c09ed98e79ab4b621ca17b206174cdd538b8b54a7bb7c4f23b1c16719955f21675dd318d4b70b751a3855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1cec7b0fd4a22f1ce63212002a5ceac1

SHA1
82d17c346fe3eb95ff10da7ba75a80235f0903f0

SHA256
a0788e5fd612d4a6210149245932889a49e93851e1884887dc8aff86c31fd55a

SHA512
cc2a2fcc37c74469117b295dc0222d9a0c1dbffdc134b58e363a403cc3585274347d0b2a3e8b3ea17e906b7dd425a9ca67ea0e042bb146df7ce8ee4e1178907c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d2d4ad6b8769180bb629f060f516aa54

SHA1
6e92288a8736fad5e372016786139072528db0a2

SHA256
23444e4a8d7f0c8655df1da716903b2051f29771abfa77990a83261dbc1edbf6

SHA512
1e5d4dcc9e531e1147c31799dfd1c24bf469ee5e319142ae2567a54657032c4751f080bb5cd6d670d58af781ffd7d545b69b593b5f3f746f4e0006a257ba10ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
54ae992a428c75f92c6a243b49f6236e

SHA1
f5d36194ec8bd81851fec44469bccfd39cd312e0

SHA256
3d6d8cc6b197dbc742a03c082030978ef74f349dab0f0fc5668e9ec3e4d49eb6

SHA512
8b6f0ca2448fd96bae14ff3f1f7243fc6a8cacdb491b32fac9d58d6421cf369a81173a271498afceba443df86754197b38736248731680d4290f4b9c5a76a1e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e0ab.TMP

Filesize
100KB

MD5
e4e9b3f6c8a41359648bf83757a93391

SHA1
aadc154c53c446a00ac201c0b720dde0b10e7e52

SHA256
1eda3a665635e512434a52b94bb5972909b03afe87bf11a653e057208d4b855a

SHA512
1196ba3ec3abc998c7c0ee66cf9089bda98ab329b47a35b1dfe51b5682d96b5e8b2e38f38703b4e6f76a60cc2646a44b50d3080c3d6a11d9e6fb256d76c22279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit