hxxps://cdn[.]discordapp[.]com/attachments/1235416337581342734/1245681653230080010/y2lgqUm[.]zip?ex=6659a2f1&is=66585171&hm=404470d9270fc95433442150403475450b1f00ae74cf19464bae04af1ff7a7d4&

Analysis

max time kernel
299s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/05/2024, 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1235416337581342734/1245681653230080010/y2lgqUm.zip?ex=6659a2f1&is=66585171&hm=404470d9270fc95433442150403475450b1f00ae74cf19464bae04af1ff7a7d4&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615376653333877"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 2720	4676	chrome.exe	73
PID 4676 wrote to memory of 2720	4676	chrome.exe	73
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 888	4676	chrome.exe	75
PID 4676 wrote to memory of 4348	4676	chrome.exe	76
PID 4676 wrote to memory of 4348	4676	chrome.exe	76
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77
PID 4676 wrote to memory of 4652	4676	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1235416337581342734/1245681653230080010/y2lgqUm.zip?ex=6659a2f1&is=66585171&hm=404470d9270fc95433442150403475450b1f00ae74cf19464bae04af1ff7a7d4&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd6b39758,0x7fffd6b39768,0x7fffd6b39778
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:2
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5240 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3364 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5604 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5768 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3132 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2884 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2868 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 --field-trial-handle=1764,i,17043060611396041227,12585002354094603537,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3460

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd6b39758,0x7fffd6b39768,0x7fffd6b39778
  2⤵
  PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c86640aaa33658aa24db5a9e946108b5

SHA1
42a8819c961a6db7e165a84bab0781ef72e71d81

SHA256
bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717

SHA512
5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
19KB

MD5
856a3daa268de8801e7cfd5b727b6de2

SHA1
8e099b433518980e657c7541c49b498e6b83430d

SHA256
b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5

SHA512
2f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
46fe258898f73965e06768b3acc3ebe9

SHA1
e3cc9763e2868195f6b84a259a06db85ab268715

SHA256
86c85e8697f232b9967bd6c292ef44c90632d36a2529a660c72fe93343a6b591

SHA512
4f7e7b9a7527b61d4aa187e96f9b57c8fd2287fe44b15afb10a81ab3bef7b779e397743bbe65cd0d761ef8b55e652e80b3ea4703d0359986e65debeb85398468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1f9b3fae9e7d133e12e6d9ab27ff3393

SHA1
cda6f6623afefde6a784a7cc63573e2b2fc6f24c

SHA256
1282141095958cc5ef2400f6c2eacef0266d857a2b6d7dfed45e199a2b974e84

SHA512
200996e84fafdcbfbc5ce8ec8d17f6e0b38f84e1522f28d16c14dadb4e50d0aa4cf6a8499f5cffc706873be80c0e4fdba46a0b530ce88df19738e33836cba567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f18f93921b01eeeb39c416e423cc8d24

SHA1
c65508229203548633a82838a0f17ad7c3ef061d

SHA256
b51ee26e2ef2e161606329f89c27ab86d8fcc8ff9b5e0a49bf2a4983100dfce6

SHA512
cbb909542b9f451a3cee0fdcaa865a0e5b740d90fdd25a9268f31d682fbac7e7ffe025eceb6c745ce72829c778a606a9a1ba5cb6efbf47a5e6444cb62e17b895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b84da45b92015d1e2fb661dd5b3a021

SHA1
253d01ce15460fe45c23fb17a7b680f2b4b9ce8b

SHA256
e22621b27bfc8f1ec5031b168605e1c809281025fdb0599c90e5b03f209ecf75

SHA512
96782b8e94517fae3b5fa54e283897a54197b006de7644eab3486a5756ab2290b4967e2e7132dcda97067c0681b3feaca8523f7c2af2d440c8891be83f5a8a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a8db10cab37ac3cf96665e908b9cd95

SHA1
6f9c714af1dbfcbb64a217a2e85bffa09553ebf0

SHA256
06f1628677e8bba2ca9f863a2c1f1eab09a847358db8074fb396fd829e383b9c

SHA512
c7f79b0920ce64a8cdf466c5016ca906a673a9beb265e88e03739e6c6da115f70689a1bd1a77575a5a968c3364f327472334f88fd5e4f155ddb40425299ae460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c9dd73f474c2c70daa13ebb7021c44b6

SHA1
35673c5184c4f876b8641d30d472c65bd11e4494

SHA256
7beb117528d3a44328404e04e9b13eab35b6f71d415e350782cd7b8516cf2cc9

SHA512
c1c893ad984e902c1f74a201175fe77c83aa5a722d99cf6688bb6edf856e54253ad57d44ed397e5528545f72cf0804d34cbaba65de402eb1bf69d20cc5312cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8d1909807600a6b2812c5af88f8c85c1

SHA1
7723f4ffd9e0475b01512a7f09211fec9f108189

SHA256
2116c5ce10fe0286c715312554dd7f166d4fed7189aa6aaf1bdfda202a406c98

SHA512
8132a307bcaeb41b38d45bbd4f118a7bc822a505e0e6b4eb4e6ef505f681afe949802b79a8b527505ab2679c22832466f437acfd7801c9dc7c15864b0a9ba827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
573711b0c3529e70d3b64e201f09500f

SHA1
5a1450e97c0b949e7fe85d811ea2fb2e29e4d82d

SHA256
6275ed0b3f48f1bf085269c705e0b5d44ed9df9ba79804dd245c6900e0534887

SHA512
0d5b2542e5b56c64034e95c8e603be3bcf64a87c7af243d3f56c5ced409e29d1ed66da3b73c5d917992b2defd1c03d3a15e3c6aab31ddb45ffd22f6bdf607fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1bc9e4ff4ee648ad2b662831f264b1d4

SHA1
1c2003bd4b7a2011ce016eae465bfee912b56082

SHA256
e609e73a304d51d93e0772ac2e2a75ee8ee04c00116d78042d0c9a8b561a98c9

SHA512
d0f20830c73a559c69a061e0525427bdc830925aac1842c9c4ee3ffd4c3c724d0ea713886367f42e1e1dbf9c98c40b0dd1d589e4894fe89284b4124eeb864a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c34c62a2af23e81c00b6c5f31bfaee9e

SHA1
561c12eba06e6d02f4c55cee29ce261928f2b238

SHA256
de88bc8f4f0dd4909ffaef77ae52294992a1f43d90adb3d41335301dd820df69

SHA512
7818ef6a9a6344004fc2f84b5c830531524ddcecac49dd8b1e3084e6053b2ca0fa8ae2051392389f4020739d2d9b18357fbae46242e378eb0e64cd94b8517e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
ec22fd048a87d742872ecd93515001fe

SHA1
d798c297e30f3ef8f1c0bf912e10c5c08b2f26c1

SHA256
a63278144b4248c46802cb940a4cd879be621c3b46cb94db5d8e70162c242cb7

SHA512
09e49a795d3d6e41274ed7a4e5326077b2e41f67217006e90529422da1351f1ed99d0493f082fdb0ce9b3375c30328bd4b2482391ce3b5cbf0d83cf8298334e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f702.TMP

Filesize
109KB

MD5
f3616f08e67ad899f39295c2209fa710

SHA1
83cc50e90de960c57f50f1a21f41e61f0dc59096

SHA256
16b8dc001a577277f186dd6ce9750daccc7a4e1f26f575267d8e75a3e99e8c1a

SHA512
a64dc6a153674da4b8280f7c1ff312d171f5ed90d96301adf84c32f82f671fad8c237863011dc2476b100e1fa6760d8fd4a6d38b2994ac6a3948fa0e5a6973c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\y2lgqUm.zip

Filesize
737B

MD5
cad4382147dae88a35b2777ad1bd1432

SHA1
2f4cbbcd9dfc070ac404ec8904eb4e0a3a02f716

SHA256
c57cbd709b29750925adc411372d1ea46355d1ec320e3ab058ee249fef55443a

SHA512
e267b21c15f1c0d8aba5e6b8b8b95dd6addd0651ef745fba61cac256fdfa57c006df6ccb4199e6f4b1f573bd475d90b5e9537dabaddbbc9b91d8d5736817f7c6

Download Submit