bcc8812a2385f7a4db7d7633eb5ce0770e5cc3b5093873fd3e0a7c239f8daa1d

Resubmissions

11/04/2024, 06:06

240411-gt1pxagh4y 7

11/04/2024, 05:53

11/04/2024, 05:51

11/04/2024, 05:48

11/04/2024, 05:44

11/04/2024, 05:39

Analysis

max time kernel
76s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/app/js/block_inputs.js
Size

789B
MD5

b5b52c92b90f4283a761cb8a40860c75
SHA1

7212e7e566795017e179e7b9c9bf223b0cdb9ec2
SHA256

f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
SHA512

16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572881938051910"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 1164	3592	chrome.exe	109
PID 3592 wrote to memory of 1164	3592	chrome.exe	109
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3080	3592	chrome.exe	110
PID 3592 wrote to memory of 3628	3592	chrome.exe	111
PID 3592 wrote to memory of 3628	3592	chrome.exe	111
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112
PID 3592 wrote to memory of 4352	3592	chrome.exe	112

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
1⤵
PID:4676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe38929758,0x7ffe38929768,0x7ffe38929778
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:2
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5380 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5304 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5240 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4772 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4720 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3164 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2852 --field-trial-handle=1948,i,1425102394689766135,7273825960884175423,131072 /prefetch:1
  2⤵
  PID:3208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2148,i,1752153415760610784,11376271161549019716,262144 --variations-seed-version /prefetch:8
1⤵
PID:6136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4a0b907083f8afcc81fd894fb6c45d01

SHA1
7161d696223d3373ccce860cf81249d7f738a02f

SHA256
87b0af1a5d48c9852603c2cd73097e27beb903aca92354231262ceba0e276e4c

SHA512
9a917882b29ac03f6af556b1c4cfb99b5e8260a4bf9a179b91cb1a1ddf47c1cd5543b8d7f008d955320e567dd4fc0236e187717d4bda748289700b3fe920aca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f8e693ffe7ca479e1216f0c1ded30a4

SHA1
d43eea52b8a2cdc7f7e297d2af2067a0e61f069d

SHA256
87b84b37a23d2ea64def39572192dd96276e57751b4be0fc553dddbd4c331d9e

SHA512
caaec4cc1e9eb1741c948b331cdc4f5e3d8f7bf25bbd864f260317cc1955db0c7577166d22d519ae7e528bcde97bd75a3cacafc7bb2e0c11798e976164234c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1cbec5517de0a4925919ed4b606454f3

SHA1
2dfcfc1a2740af316c53efba8d81eda03675cccb

SHA256
f55e259a5cc5e0d64552442677aeadfb182addf579251ddc2f6498e23ad1bf3c

SHA512
4e9735e4c966012cca406e746de974119474dbcfddd3adc46f7f51f319c38e0557dbf88420047af4bbee0225321a33f3552abb5a67cad4886870f9b754f6f617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a10b8083ae48f9c052277b21012e6f4e

SHA1
61b4810cf23fce899eccabe03e0f2759d84da659

SHA256
d873aecc8ce79329db821959a6b12fef6f2c06f3a88c599435a9b29b4a28276c

SHA512
8ff653cca66fb7b4f6d9263bf0661c2964e7add309529472d4ad1da9e4477e585833a035cec1a287de655528b8b069210586bf4aa99275e25c1ece6cdae3ee0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8fed138b1230f7344eed2012f2255952

SHA1
5ca43fd403e07015b47520334f9a00413ec8af70

SHA256
c89240c6bcd039f73598c5c51d2d320be930ad87b8029c45865c98e70166ae01

SHA512
1ffc7cfbe267ede14d48ae7f5c65337904ddc773876b16a80486df82cb923cb36e9d6a5af42619d55e0ad42a2978c2bb11c95623e55d444d805f20fd97fe971d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8176865b18e9b047ec1b9922dce75c93

SHA1
e441f1e05a8477ec351787616bbd9999421db2de

SHA256
ab4fbd1eab80b0de617c03932e253d5443afa11b3365b36214786f8d7ad03fcc

SHA512
7c572b7fb8cf9d9e6c9703fbda7df0ed78f2f22feab222427e6a876f3c6163399e745732d69f541b99411b204ed0d4892c21db155e79666523f600efbb9b9b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
96ff5504736a1208f873aab0fbb67e76

SHA1
d8f95e3cd58a4887d055f09df99a58a63d660b7d

SHA256
feec00ac14717cf6b83d79cf7d011cc98cb464222c3eb556a4f7dd70f5cbfd60

SHA512
ab5ef38278c14e00f5b7d17312c2bdfad35eb57d63dd6e78a2c186022494b3f30c526ca1a3adcce2b8113f311f56a66914df6abc2178026cdc27b7bf472c06f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1ec74f6b0c49fbede4633df32f7d9a9b

SHA1
96c930c4fdd0a4fbf019d09d11bc3694634bd76a

SHA256
cf211ea02ccfb56135adabce4146ea6141cadd622cf4e6e6d0fb66acef667347

SHA512
618954d5c86e221066c47bb9168d0baa81608c0bbe0b108c6677c8cca4656b7b48896d252426243792a1acccb0688cc021eb825be91e5cea961ba457e55ec255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
2ee14bf5b85a60b737a053a242fb8a9e

SHA1
cb5e666c0fb60782d33434763bdc0e43ef9023c4

SHA256
95d8febb8468d6f3ec2b7697a14a9c9f81d4449d049200aff9fe9229ad5e866a

SHA512
9cbe7b5a42395e9caacdd12d4e8014ff49527d1cfb06643d9e6a5ce882b6eb699fc87028474369c1b7c00046884c45409a61f2f699b560581536dd0b1ee87805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587f4d.TMP

Filesize
97KB

MD5
ead2bea7c68fb64d8d1dca84413b8aac

SHA1
c472f1bf0b62f7d9015405af23e7d2407bdf90bc

SHA256
b681be647c651e237bf41a04b8d6ecb83300bc7ceb6f08686c12545665b91b9a

SHA512
b1dcfbede804c31a43f234a59a6e0385a07a3b894032943fcfae2fc32b9dbcca32cd447848cc53e8e48a46a879c0b219ba89df17ae01ad8f369a13b063555e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
748477df969ef3596a43574414354693

SHA1
059281f38e80ec8fd2b5b3912c0f13024740971d

SHA256
be88ccd6d4e0533001afc11e4085a611286df95c216466c536cae467976ba3a7

SHA512
9210b85247c9e098878b267f8a0bc072740eeb453bae12376ff24fcc251ad86cf1090f46dc5ad3f519bd0ea5835b89381a76bc44bbdb3697438789c1c8583ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
0b561a0d93f1b581cfade335f521145c

SHA1
6f96320cd948491c03e72941ec02e4ca5e0ab8b8

SHA256
786daad7f39854a2bfb36de58e5a33d296c9073632766bf0603af020178b3f47

SHA512
01d4ebff2228e2682aa1c6cda8c54d826be95ed593328e879f6202a60293a480c3e57111d2afa9c4ff703019cd53d7832de0b858791135713e20d480cf839d23

Download Submit