5e0e5b9d4e526c13ace0984e405fc39d8c2bbab0548e0fd18ecdfa5c44de5a28

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Srtcs2ext.exe
Size

1.2MB
MD5

59f27fc66c6ce53365367ba6b585778b
SHA1

658b22705a7c633454403a28f5392c12c90dfe25
SHA256

5e0e5b9d4e526c13ace0984e405fc39d8c2bbab0548e0fd18ecdfa5c44de5a28
SHA512

5fdb101fa3353318f7cc113ab66f06896acb7980ee62bbe30fa49b71abd8e8a6d28a971a6b6ec552a5f3c4fc3208bd52daff5a7b0f75b92ec433b863c9cfa313
SSDEEP

24576:DHQRv6pVgoE813LXVV0vm20HTPBeyyDwnx6e0r:L4SpzHvQmTHFly8nx

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1596	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588295094758326"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 1632	4520	Srtcs2ext.exe	83
PID 4520 wrote to memory of 1632	4520	Srtcs2ext.exe	83
PID 1632 wrote to memory of 3144	1632	cmd.exe	84
PID 1632 wrote to memory of 3144	1632	cmd.exe	84
PID 1632 wrote to memory of 4016	1632	cmd.exe	85
PID 1632 wrote to memory of 4016	1632	cmd.exe	85
PID 1632 wrote to memory of 4060	1632	cmd.exe	86
PID 1632 wrote to memory of 4060	1632	cmd.exe	86
PID 4520 wrote to memory of 732	4520	Srtcs2ext.exe	97
PID 4520 wrote to memory of 732	4520	Srtcs2ext.exe	97
PID 732 wrote to memory of 2396	732	cmd.exe	98
PID 732 wrote to memory of 2396	732	cmd.exe	98
PID 2396 wrote to memory of 1596	2396	cmd.exe	103
PID 2396 wrote to memory of 1596	2396	cmd.exe	103
PID 4880 wrote to memory of 2268	4880	chrome.exe	113
PID 4880 wrote to memory of 2268	4880	chrome.exe	113
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4492	4880	chrome.exe	114
PID 4880 wrote to memory of 4532	4880	chrome.exe	115
PID 4880 wrote to memory of 4532	4880	chrome.exe	115
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116
PID 4880 wrote to memory of 4364	4880	chrome.exe	116

C:\Users\Admin\AppData\Local\Temp\Srtcs2ext.exe
"C:\Users\Admin\AppData\Local\Temp\Srtcs2ext.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Srtcs2ext.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1632
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Srtcs2ext.exe" MD5
    3⤵
    PID:3144
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4016
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:732
- - C:\Windows\system32\cmd.exe
    cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Windows\system32\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:1596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa94fdab58,0x7ffa94fdab68,0x7ffa94fdab78
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2300 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4888 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3388 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5048 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=1940,i,6056319319588876522,16089984302199990846,131072 /prefetch:8
  2⤵
  PID:4956

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
27bc9669a8ff1ba6ca92016472bdc59f

SHA1
2d42ed79e3283c799efc86d48057e3d6854c33ba

SHA256
ee4b3088dc439ee82cbdc9971f5dfe5ab6e88711386368d4d0562efe7aaa4475

SHA512
6f79b5ee1b6fb8734c892b42b4c1979f471bd1b3322293bbf9d6b06a0a88438d81cb846366b080eee5913ce2331ea8def96452fd3de37d5fcbd6d42cdc5895c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5bc3a91f6790bf10fc925864c3461ee8

SHA1
b31ebf60b6c90d843fa671552fc96d19d474fe9a

SHA256
33356118a07f40d70acf96c4d4fe76447edd352484d8d53d347b0a1be25fd17f

SHA512
63c2f8eb9ac7c2adf920a56088210e09e8863272ecba9d189f53dea4d6295e610769b0130be395badf9fe7ef43e551f8bf9a6a6620f80652dd75e919cde959cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3426df26c43a37d5b3e72fd3a0d5a841

SHA1
755a9bb01f2d8c3765dee10a6c174943e5fd267b

SHA256
90782a64178af7cd4413a67f90288b222a007ba811ec8e7a82c8decbfa04acf5

SHA512
bbef9370a37fdbb1e1bc39869d6fbe0817e0131ae965709974b7bd307598deb1bf2f4cbbeb50e6749ed2787318bec8e0dc5ec4f36b37a24bbb4606b32b34e0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1014B

MD5
427dcf7e93f9132042e58ce94ca596a2

SHA1
3cbc11c6589a7c4bef703d8b5afb276c6dd49c5a

SHA256
a979c4eda61739033e7705457fcb7a2e953a1d4d9e2f6d001bb50f03bd269557

SHA512
160af41ae46632202b7d1cf947971fe80c479fffd7190a502d47d3394737651c7b58cf3d63b8af17679110d26c5551f04a852b65973b533b3c49c5f055338c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c68030c814b041347b00098fdb825a2e

SHA1
6f1509fbac17251124cc73f6b9e0cc25896216ef

SHA256
466410b9643572e9e2dabfb5299a46bd0ff54a8bdf40381fa2657c78baaa7301

SHA512
ee082de3707e9d9168871f9fc71de3b793e43da0bd665f94c3482f5d1690e01e07988506eaeb5d6d847be0b6ad663480d4008deb0010dceae65251999e5b8052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1014B

MD5
8c9147615eee92056696dad2c43052bc

SHA1
ce70c1a214593cc45467a12ed153f97ed8616e6a

SHA256
da9d0ba170ad3e50bff363a59414d013b882399adc4b9930060c626b0ee7d78a

SHA512
723a6ec504e9ae74629688c40eedf61cebe34c530ebfa1aaac474bf7fdb7159dec5b2083084f553d41a29ad496de96142f761390b5f8f6dcddd2fd7c543fc808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1014B

MD5
0ba2040c943af249a41d1dbd39caf40a

SHA1
5f57daa1ba9f935230747994ec50dc1f24b7538c

SHA256
db762508a2deae2e1c7c505ce0eefb935b1de4bb54e51fe365d3aea101538180

SHA512
432e648c024e65702d134ba746dc320a0966942e46e6dfc780d14eeb6a4e9256216457bbd1e6fe6d37cd904a41f76cfbf9e1b4ff957b8e39546dad1734d76e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
286ff0b83d92690e3d0b960723d64c77

SHA1
4222e753c5330ca35b0bce9ea767e14698dc37f9

SHA256
15ff4ff88a609010cb0ecbc0a576e39b91ef67e5708bf187e4e6d9a656078069

SHA512
be06156a22190da6b98d1a53c1799182d0b54faec8a11ed9b239ecbfa0c5dca40f1446a3e087fa6e9391743a42500933d02024ffa1a8bd14a73500ce3bb93869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ca0edd2fc4672fb5bd37556052c7dac5

SHA1
fd50db83f6a821472ac987fd74e9338d8a7db72a

SHA256
d3439aed75bcb495a13f6eca8928e3d19f297ae4a73dfad446fdc4e6b8841db1

SHA512
ea49c4927ace2ead1cc2f30baca536be9684897e2ad7ff111d87a74b04114a9f8c281c619c9c8550a5fb87520ae7de8c715e3e422210cc4432f8be8bbf61a31d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
987fce0fdcfd69202eec2856cf559314

SHA1
72c801653de9ccf7bfadff254f0a78bc4cc4de61

SHA256
a86b116b6aeadbc213077b4edcc4ee3a55769a68f7d023a4c0cc344704348b24

SHA512
eb57722046161604614810e5ff6673a76ece76a04023b988354add803b189eab3cff662f575f976876a6df3254e5747bf6a4b45d2a6c6efc5d1758b233551644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a0b698900a4f7b7552a6654258db6800

SHA1
58b15cb8de2d87c39cc55b337cacc9d2057cc39e

SHA256
da3532e6e56df9ce3d666b11ce1812ea19d9836156171bdfaef17ae616504f1f

SHA512
8212431403069d1f672f0c0308c62b2104f1f8471aa08ec08ffc2586395ff472d5cc182fef305c71c23746a845242888f44ca0ac9c91f054b2d656737f99bf3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2edf3b1b1912312c72df592abc5ea7a0

SHA1
add5ac9b172359a6919844e93a0bc93c1b569120

SHA256
a6b588fc3d7a2bca26e70cbad8d1718fbf92bdeea34808a5ec956e751af2726a

SHA512
9f9d75f1d22285302fc895764023b00b6f3575caebd9ae550d3f9bc7a1ad9a5768e2e1eac0eaced5bad2804da47fd71f1342148cd9e1ce8e0a2d58d1ff46ae50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
93af69aec7eadbbb22c2194fb2f3b449

SHA1
5b93b6459510f71e15818987b4862c73371b645f

SHA256
4d15c87216445a226cfd7c3aeee3b8ca1b9344ba8e289eb9a8147d2650049079

SHA512
4079c7c53a0cc9fb38c412ee2f3379431423edec5f8c1265aa022dfe26fbaf6999aae0a13804d8999d8790f43d48a17d199c6045bcbbcef354b0564218bd4fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
1c59f5aea3c13461de1a4821f5ccd586

SHA1
b1e4c4804605fcd05ffeb136821df6d2dd436b98

SHA256
4f1c52eb406a55a8f232c3ea80fee8e03a971d91b4007abb6f27a355bb3585bb

SHA512
9d0580f1d8e8c07e7adcaae60ed508a23bc54b4902f584888b281d9cf3020360a6c5f24f05b652c54750007cad86a95f40180a6b9bf898d4026be29f976b34e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
797f03ada0820c811b27995865a4ade9

SHA1
41badbdb462022dc1510f940941b52ace5f86114

SHA256
6718314858283d57161bfe4fdc6d2817b3ca36dae63bc9a4e9abc956d79bd40f

SHA512
21ac7d8241c291810370bea288498317a413d46681500354f62d773c8c018ec4e6bc4e5d681ed8ec7f7d1825dac53c54fa4e269b42fa3df7f9e48f4046b0faf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
f6402607b29fa267788bb3ffae81bdd1

SHA1
c277788750ecdb9d3eeefafa3135d924f0c8d844

SHA256
812a0cd33de9ad1c6d4eac5f1c4833852aed2f36cab3e440fd89ad0af660e3e2

SHA512
07f4fa25b416b4f00bb3aa11c9ae0a031709729ccea6982a0b0771c4dcf1c9d2cce53be1cb6eb61718c7b7acb9870fb705d00fe037726bf61bb823fe8fa25df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593c82.TMP

Filesize
89KB

MD5
c4ea02981e4a46406483623b6f2347c7

SHA1
02deca065c774dc7f8614f6c3cb5cebf99d1c061

SHA256
6f420db73cb3c1612b75207bcc4504648d98b44fb22ebb94e6e5ed37efc6016c

SHA512
fbd9034bfa4ff98177e5e2b24db4aa7085af5de5605fc0b72720ea2c9510311e2e54a031e1f314cf3a463ab7a3cf301d7eaa9519db4ec112e72f7c56376ebbb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit