hxxp://mediafire[.]com/file/wkyjd142j00riks/pack-of-memes[.]exe/file

Analysis

max time kernel
110s
max time network
111s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 06:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://mediafire.com/file/wkyjd142j00riks/pack-of-memes.exe/file

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
22	mediafire.com
2	mediafire.com
9	mediafire.com
16	mediafire.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587582798123982"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4704	4388	chrome.exe	80
PID 4388 wrote to memory of 4704	4388	chrome.exe	80
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 1792	4388	chrome.exe	81
PID 4388 wrote to memory of 3212	4388	chrome.exe	82
PID 4388 wrote to memory of 3212	4388	chrome.exe	82
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83
PID 4388 wrote to memory of 2288	4388	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mediafire.com/file/wkyjd142j00riks/pack-of-memes.exe/file
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1032cc40,0x7ffb1032cc4c,0x7ffb1032cc58
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2044,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3032,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3556,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3000 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3036,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4764,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4600,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3516,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4912,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3668,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5024,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4992,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5088,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3760,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5028,i,2688931294081702265,4118349690281198254,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:2572

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aacf0867bc59a59211b86075ce55c9fe

SHA1
9b153806914c8d6fb9dc248b2f3aeb57c6e26c01

SHA256
f63d4c66a8427d1b88a7b52bc9e8bbca0612cb95b9789546cfa4cdcc7a1c7780

SHA512
7bce94d1634922d9da25930cf59ebf9f287689659d227a3bfd5c9098ef115a080d4652fbb8d03dbe9beea6ea8dd820e482a9c1a4ece27d0f2fbcde15b3bfe36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27b75a2608ebfa0e911dcb1f173213fa

SHA1
e866c9975edb725c5733ff5bf0abf2a92d81088a

SHA256
506915455222dede950dd64086324dfd3df25c10c7cc3a385514f57e5bb8d58c

SHA512
beb79676520773775603a0638633962f6cbe1ba7b23501c73964a9c9fddfc57e05d8c1b8404fc220bb679c25500d2a5bd7831aad89f5f84a7b55520c8fff7d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abade1df68402c89e286e813648f0ecc

SHA1
95a6d61ef62c8b23928c3b599d9a26da7a12dac1

SHA256
d858806b97d20919513501e922cb77fc95e9e2a004346a8565f1ec3c6149dac0

SHA512
bc15969f0b4a71bd4e0ccc13136d3d1013583223993e356803589b19a3e491fbc0f37f3f9f6d19b8eb9c12e7775499fb5506b604e2784d1b5c5ceaa8b387b4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85f0fe273a42643511bd173d720227bd

SHA1
0a26c856eeb1939b47bdf589b986ef328bb5b352

SHA256
802a80339461516deeaa7ccabb826034650aa3b2425503042bcc4a45259230ed

SHA512
9c97c711cc9c106ed53e8f4ab2263d28c918fa5c09f79763b4c4e9e26bee092e8fd30545d638d0455c0fad061ad2b4282695c261ab7fa78dc2d5f3d31897a98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b36ed3e7f905b54155b4988a7f02a631

SHA1
790806dc7776fc73e47c03acee60f1e4c28203f2

SHA256
d93232f873fef39ca5f3fc00c2f845abf14d8776bd74d53c779c8e9d651db5a2

SHA512
c657f9653a45252bd701d5bbd023b885882c8708b98c744a949a0edb3bc1b323c4a362e00e95df7813bf4f8be5b4fde7b2537bd16b5d90b2626ea93164a498b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d921a4d783460dcc953849e23913976

SHA1
303e51bf931912ea94d035e27e4b908149bb3ccc

SHA256
355a26f51873a8eb3d11630ff3ddcfabb5b408fd8f6d9a5c92e8c859531a891c

SHA512
1aad300444cb77ec64faf2b421038ef9236b9824cdea4e2817ff546ab67bcf2a0894a86aeed91ccc0bb6a73aaf134fbcab1c56a7db0451de5a25d81012173697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3e61b6f3257a64f7b55d144f7a32d8e

SHA1
aebdc00d1dcf2635e9b85e3d3b067856232dcc5e

SHA256
86ef6abe526d5a5a1e9d7a347243eec971b238fa9f7af720cb2b00f1e7874fdd

SHA512
044db30a82849562238fce7e7d11b6ea07b3f00f4a8604986ea9df6ab63e6ae3f6b8b21a5960b163ba45da02441a1225049864cb70cfdfa6495628dc784467ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ccfb7ff46b37631c3b2aedd5995c42f

SHA1
c708605384eca7847cf0629725f7d38e43524849

SHA256
e9a2673f449184c526e246bfeb1e3fe1788e98c40b8be91500272372f8e4746d

SHA512
5807d9625ad1370e25e18ad68da469b3e95fbbf16d043b66e8b94a0dbee9a02471e01f1270c359dbe484f36966ca441ecf38c691be4fd1656f66fe634be1f5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b2c1c216-cdb0-4b1a-99b3-a8ba3205f990.tmp

Filesize
9KB

MD5
0a294911ce550987fa671905ab3a5b6b

SHA1
6c310a28606da9c123a00b3d2b01bc6c2196385f

SHA256
b0175d0ddace8112fdf1049c29dc37f6d27c006af4b3ce3a0a9eab1a9d09ef7c

SHA512
7327e3271ee63887a1a3f7002edfb8fa15d4c72132cadc3db90e318d4a2125a6cf52057ba8b9e07be49ab6e447759f5a75a89d5d255dc8e43165d35a97520482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
1dc098b833a151df1081ce9fa40ad380

SHA1
25fa25bc052bd78648ea89e7107bb272040a634d

SHA256
69624ef5a3a396f7f2468db314d2e9949808b8b0710403741554b902875d0a57

SHA512
9dfa1a290f6071afb68c219bfa5fadee4c56f50973de5080a7d4c317366e07332185695b241416035d6ea7e10c01b9b950400927a10742902a9e9f471c1e307c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
3c3f26477dbe9ca9e267ac24d61fa379

SHA1
c87948b29a5026b1fdea1f638530517b8596b311

SHA256
e9083a48d1be154a203a074ee47a16cae6cda1497861e1feb0cc5ad29d0b1d96

SHA512
a8149266ac7131ca87f1bc0e3ec3b34993fefd42830a09d2d77f4ae302cb7a5d4e746ff41923b8e6e6abc777b71d5aeb0db1f8c9cd811536dca979be83f07046

Download Submit