hxxps://mcas-proxyweb[.]mcas[.]ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01[.]safelinks[.]protection[.]outlook[.]com[.]mcas[.]ms%2F%3Furl%3Dhttps%253A%252F%252Fdocs[.]google[.]com%252Fforms%252Fd%252Fe%252F1FAIpQLSciOpt5vNtgqbWMgXS7ElASzji2vk17UuVb1MsbvhCN4r2iEw%252Fviewform%26data%3D05%257C02%257CISD-IRT%2540metrobank[.]com[.]ph%257C163f9fb4050344a9743608dc8624b7d2%257C5d21b779551047d8905fe1156023a316%257C0%257C0%257C638532739473057641%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DrtzRHLYmOoc0Apej3gsp8iFqgYNfR6nvrM16u2Pbzdg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=928d3f1f1a3c1fb9fd4442de689adb5d9249060cd47baa0e2b44a4e234a259db

Analysis

max time kernel
60s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fforms%252Fd%252Fe%252F1FAIpQLSciOpt5vNtgqbWMgXS7ElASzji2vk17UuVb1MsbvhCN4r2iEw%252Fviewform%26data%3D05%257C02%257CISD-IRT%2540metrobank.com.ph%257C163f9fb4050344a9743608dc8624b7d2%257C5d21b779551047d8905fe1156023a316%257C0%257C0%257C638532739473057641%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DrtzRHLYmOoc0Apej3gsp8iFqgYNfR6nvrM16u2Pbzdg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=928d3f1f1a3c1fb9fd4442de689adb5d9249060cd47baa0e2b44a4e234a259db

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621914411847120"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{9E0339AF-2EEC-41E7-A003-F18720ACE566}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4444 chrome.exe
4444 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4444 chrome.exe
4444 chrome.exe
4444 chrome.exe
4444 chrome.exe
4444 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4444 wrote to memory of 1608	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 1608	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 752	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 4232	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 4232	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe
PID 4444 wrote to memory of 2260	4444	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fforms%252Fd%252Fe%252F1FAIpQLSciOpt5vNtgqbWMgXS7ElASzji2vk17UuVb1MsbvhCN4r2iEw%252Fviewform%26data%3D05%257C02%257CISD-IRT%2540metrobank.com.ph%257C163f9fb4050344a9743608dc8624b7d2%257C5d21b779551047d8905fe1156023a316%257C0%257C0%257C638532739473057641%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DrtzRHLYmOoc0Apej3gsp8iFqgYNfR6nvrM16u2Pbzdg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=928d3f1f1a3c1fb9fd4442de689adb5d9249060cd47baa0e2b44a4e234a259db
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a69ab58,0x7fff0a69ab68,0x7fff0a69ab78
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:2
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:1
2⤵
PID:924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1860 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:1
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4136 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:1
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4784 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:1
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4928 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1916,i,4762825053198071748,8832614972700771471,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3248

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:816

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
11539848c5404e9535dda6beb6c21877

SHA1
5761a80e46b2b1f24a8cfc54eb2a1770179a90aa

SHA256
b05034558fe605f8bd9d88dbc24ec484e44431438f477a047e7470481922d790

SHA512
e7482b061da48974ac780d8d74ed20cc9d02addef2178998b208b9fe9b53d86aa5e22195f33d6d296ba8ae00f34ce8712a833b0f58127135bf79308a416b26e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
0c3b4b3bcd21acf5452f294653ef2ea7

SHA1
9d1b13d3fd4bc4cf92239628148493e36b101d1f

SHA256
5ba21e10e49bcd250bcab9e40d7060d6c4ae65e348239b5b1f092d48aaafff5f

SHA512
316167cd3fda39bc8fac930344a2c5c21fb65f2046f90a34545fb5cedd9dfb87571650515191ac5fe29d694890dbf6be60bd6cbb0d3e68ad034c86dea5f7a1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
3dfd8daf5afca80dfcf77a3873c22048

SHA1
e92910205ab9edf5908687137736edbc61beb819

SHA256
9597746feb0e2dbbb8f14866e8508321ca7ada3a2b0258d3deb355df3865e5e8

SHA512
9f5d3c869204847338b8d321835adb7598ac7a0592c9a988005bd2698aed9a3a78a549bdf889cfb80dde2e3af7dd46f3cd1c95b8cc93a257eaa7a30045a4f0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9a8830e17a20eee9b5c9056179280171

SHA1
a94aad1171d53fbe00b33d3528972fa971d3550e

SHA256
e6f13d8c4cc72712dadbcc2846f119da80f636988b056b8cdde3c42a5d5f15f5

SHA512
0ed9200cabd9713ee5316d2790f35776594145cbdb072e50b5d1c16fdc2264715883f34488cbfba216c48de7f1e286bea7eb8277cf2cc587affaef5729d8ad20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4f2406c179f178f0c7a7e767e9152c2a

SHA1
91b03c1ceece265f3fb9350a59dda3d32a7e1632

SHA256
494221a0c35686a2cb035698bae5c2eb4fe1f866bb0dcd6c4d1b71bb06a4639b

SHA512
851dcdfa055413989b3fda970d8598e4995b3e88cedcedc55624f54152dbb111bdafe71ef6438632fa2ebe84a168c5e74f6b6be8804428f0deb08f393123ad92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
83441c7719a4c57bde33fe6394455c7a

SHA1
74378e8a2e60cf1575890fc43c0d296162bd0fae

SHA256
54daad922e097fe9fdaa44134c164402fac4ab215cccfae15494315a401cafae

SHA512
e009dbe17064469254faf11b8095b1ddc4124f186e07cb2c6e6b32761ae6fd196f869fda4684c19ff76a3b1da2d4a7e854a9543c41cfeb9873c9cc234a2ba39f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
25cbae8f971c5b27e787a788b87c1d6b

SHA1
7bd655ea031e08828b39ec8bdf251319de82fa89

SHA256
fed3fd4f083322bbaacb0debb50b9d8f06478440abbe61141f2235e69ed2f37c

SHA512
721fe92e319806cad44af12116353b7acceb6f60b9448b320ce95a393a967bc7c6aa738190dab9db17da41b54bbaaf20e533018c2c820baa288a11d25aad4ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5826ad.TMP
Filesize
88KB

MD5
ca59545dcc443fd8a82bd8c11cfe38c9

SHA1
e9aeb02bcf7a6a6fb5bc4e483b9dd03b22391da8

SHA256
e3f90e7b5e76e17b802705b610b2da7a873becdc7fcdf8ce1ee18ad6a22774b5

SHA512
bb0fb8dbd4019012d351ccfa186e2c7924c555c62331a107ef685b82bca44ec2bf147a392467566328769543b708e8c0ea097cd5e69380346fcad12ef2c2cd72

Download Submit
\??\pipe\crashpad_4444_QWLLPIUWCMRVIRBJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit