hxxp://rb[.]gy/biwqew

Analysis

max time kernel
839s
max time network
822s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://rb.gy/biwqew

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

134 discord.com
135 discord.com

flow	ioc
134	discord.com
135	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624374473620092"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{07745A75-FDB7-476B-A7F9-367E428E019F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3008 chrome.exe
3008 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3324 chrome.exe
3324 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3324 wrote to memory of 576	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 576	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3800	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 4056	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 4056	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 3892	3324	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://rb.gy/biwqew
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2cab58,0x7ffedb2cab68,0x7ffedb2cab78
2⤵
PID:576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:2
2⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3324 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4552 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4736 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5004 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5144 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5372 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5412 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x4ec
1⤵
PID:3896

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
68732f3efac70bd1fd8bc4442e2b5137

SHA1
38ffcd40cebe9bc491c8f5a3ddfe8d71b3d1035e

SHA256
671a5230458ad67bc8e1bf77819c15fbc65eeab636d5138bd80c7437c478d327

SHA512
bcf9e3ca4716f8198d3b99d996ea12b65a329bcbf7eba072594a71afc05e857ace7eb4abd6d61ca47e2f1edd41b24e4011e6ffc50234c29cd6b9ae813888ad85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
1b6a972bbd4699c699b9cf54cb6253e6

SHA1
f754dd785e566caf4ef9397e92ab9d918848d34e

SHA256
2c6fc18459321b8b3610e7d4387b88c9144f5d9fa2980bee03f8783fc2327a17

SHA512
7dd71d65f582d686da9ee2adb3c3bf3c83988430e3c915e6b63c6ac91d0b33b1dee50633204479c438472896e067db07cd4556acb0d673336c03ee8dfeb52b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
442919a51fe219ef906ce03bfdb8754e

SHA1
9b81a8a8edaa56556a3715de9619fc2f217568f7

SHA256
61f97fde82bfb41d2184c5262a8144248ec5cd15beae860f50998f3cdde09122

SHA512
9343b060f7824ff77dbfe3dc596055ef10c02befd73de07f3b08ca8bcec14e395353cf78b5735715fbc917291ac447da419e13ae6e3d706a7517f133e47ad19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
f0b09852b43d910eb3d22a73d35228f6

SHA1
112b92124351bfe285f4399d0c3be33cf25134a9

SHA256
68e76cf130fd157fbba88568c496dbae96b9d14ef6a372f3b7c859d68378eb44

SHA512
18694d32c4c24fbc05703da85ea1c3fcfd11564262c33194acaa3538e5b613561d1352ad5d07feadb4ce7e522f1a16002c6c6961d30a4ba9f10b0f84dd3e9fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
5688dfbd7d27eadd7e73d659803e56e3

SHA1
474b2d37f5766e0f4bf95d1a4ee3c4005f1a75ed

SHA256
fe743ee811ce66d7bf5dad2322496f397ed87e5829969c52bd7d55fcf5b0fed3

SHA512
2ea25456ee8cfa33e5bdb9fc9fe8c0f1dd86134c3244a77c42d06295870eeaa429b6ad7b3e417213fe41a356a8f36303974b67962ae3d7f3451a95e00884eef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
e0913f490d5df1b0ebcb62db5ca50f49

SHA1
5fc6ef1579b975c5dc9e78648d45ec2df9e919ab

SHA256
8c80abd1bc055ad5d37fdb67cf1b915771910df4656a91c6f404bcfd9d35b997

SHA512
cf00e49641e424b9365af69e83c9cc9cf5fc8f82dc83240c78a33f21ab07eb0aab8eaf065832b74fe3f4905da28438f887daf7a85215ea0a6a3156e9a75135a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0f34e09f73906367785b8f3a53d869cc

SHA1
395103043a3e338868ece8212082ae002ce38618

SHA256
8de828055cea12267c4787f139706d6c36b22be5168be716219f6f1acebfc47f

SHA512
101d25fcd82be2b581d1c815d36138916ddf0bda60a6530ad8d4494adbae2e0effa5aeb65fd2946cf7a2d832056bd286f554228ac8d2e9405d803b4be0be347e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
3e2dfc9a3f4385b28a8d27f28d088c50

SHA1
c40df0c46dd20308368f8afa21f7f1dd251b4d89

SHA256
0e92ad5e46f9ee6d2c0cd7c12ca767416e02f195901247dbef457758a304369c

SHA512
f383548fded9edfdc037e111df49a820b934255fba30c095e38df2b7c7b32491bc488f2608c53e5a8b71cea7a5e94e89b760abb8e2802812af39379d1020e1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d60b2ed28226e8fdb91bc6c3b872c738

SHA1
1e6912d809db5156b1953e6c4e9d1382369c5a4e

SHA256
78e779a5520177c9f41440a225012fcb5c8b56350c85b39dcd787072ab78725d

SHA512
2e5915626a19294c6d1a8f24cf9710ecb6b9271b738a73c013fdc52509bb2c4518fa7928a6ea740e626982fabada0112fbb5d015c27d8d69138d735511f1e1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f4c2beaca42d82d0d5a12d395a5c80d4

SHA1
bc1e9e40122cc953da283977fc24a9fe1bdaad87

SHA256
5c0a81dfba2f1c51ef206aa9be26ea197d47d24c14929f27c52859ef9b721c1e

SHA512
f3d49306a33691db78f099fd2eaa67a49bb0f6af85b894aedb3cae71363c801857c55e315ae677d31c2bcbfa529a5b3b2a93b636f6805788c97842151b0be5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f34a49178b71212f2d6376ad5903f2b3

SHA1
36208a86fa9b84bbc7fa9f0a7ea23626634d1b56

SHA256
73b13c5e37614af6976d23bc5fcc1c798b700aa5eb2a487168ebe89375e57030

SHA512
c908da86e2afaf863bbfd83cb5d4f0d2d68cbbbeb2c207f1322b04201425b5e3c70cbd4e6cc05c0c7ce8be28c7a6d64f04cce4752e48972cad4503c5cba00ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
827b3e2d799559abfb8445047cd6f79d

SHA1
f901657336e04f28bde76f4da5c10101cb40d95d

SHA256
720bc9fc4d11ec0548f3f210e2adca39a173082ab53a9719fcd685f688c30320

SHA512
910c90d5b2a0df4e52b419554676b4a777950291258c64095f86c2cbbdd540533fef143e188e7617bd9c3c383a265449c08e3d2c9c8d9871940bc5355646e116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
165f211a2b6b638bc12d8520a3995189

SHA1
07631faaae018761716981349dfe6e35eb055cff

SHA256
424e39ef56e492895e7724ad816b9cdd9ac98afa8b5686b6afdd6b4d0905d52b

SHA512
2bf1edc122f966636d97e350b2309cf3bc22cdf4db657b64cf4193568654374bf951889b47608d20f6b3f9cdccad738ac91481d4c614baf0c115b51868cc0d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4074f43811d9153346a794805ad80831

SHA1
61bd94f63ed91a547ff7056952a0182bf5c7444f

SHA256
9a7b78d7312fdd2af30f346c198c11c4e3dee2c1ac4b4a9cb0728844d5026302

SHA512
9e23b6c429e5e5ee976dbcce83cd0a16c8cebf18a0c8364a73a83e88868b4530f599e6fb00fc4149612ac4c7919e5dc504e5c849d5d9986a9a23d72c9d238de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a7f32e89ef68f333cd383bbdd0ba971a

SHA1
c7ecf8b6a89c48c227e94246b6edec8b91f05334

SHA256
6d294fbd9079dde11fe9c93cd32d155f5cf3c9edc522b05bfcfdac00ac8aea21

SHA512
e569cf8cb4ab160bbff4165285d3633a46f887b6f6d1cc7e9e8df80cad45934c3b03fa13c5b578c5b231b4da8e502d8166b8a20d2ba75738c873abbf46996d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d148ffc9fc5b5c9dd52eadcf1a1f9637

SHA1
e44a553fa4c46a0238e1adcc21ee2cac2550694f

SHA256
ef78c72550206c99102c2da58adf55e1ab38ed414ca8c29c41a25620cac2a2d9

SHA512
41f3cf21dc9c04cf7fdcf14c3bdc5e4b7d2eba273d491fcfff8a68de30f1d371030d6708fd93ad152660a409715bbc511dabe1adf766870fa9d9bdb1b0440f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
Filesize
74B

MD5
73a465dadf426a1816e6124332dbbe2a

SHA1
9016ee293d948b12d364e9eeccf7eec06a1aa032

SHA256
60ebfbe19e0b00485e81b7fa15d8988ac37bc2cdfd734311d3ee4b24f562a8bd

SHA512
e55d2a34a093562bf8cf9d051dcb7b1bdf459a86cdfde578ece91f76ec18f7fd1007db5c93dcd9864fb97dd7d5d7581ec6bbfb0d0e867e04290bf434935725f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5758bf.TMP
Filesize
138B

MD5
854c24243b336d866addaec69356c425

SHA1
34f90c7907e680276f738ac5097b273ada8f51d0

SHA256
4068189880cb9a7cd063c4a6fc266b6ebaaa34e5583bd108cda0d1dd61182fd7

SHA512
cca821118ba44b40ec812ea2c0e41a5d05eafbca0b69d70c78fe0099834fa9576819a10e245687b86d4e274913a95f91b0f8d006d028ee97733facbae7ad1a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
6829b05e11e03f880bbc5f853e23e409

SHA1
8e397a08098417fea9e0d64f8d12bf4fc44111e1

SHA256
7f478e2244b24c3ec9c4347d20827fc4bf73ec71e87da5ecbb54c7e9d7f65236

SHA512
4bd47d7303c193e9dd18fe125c60180d546c99b05eecbe7f74d311af78d7ceea758db48d7bc7f36f669fef23c7b2e4bf1990fc7abfb1e31763b1e50aa0b18ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
09090650221c39561f4c8f1ab953838a

SHA1
352341fc200e2463a56f3647b21f2e17c3d6529d

SHA256
8ac42107895116ddd35640636e434cb3a50e3168ec123559d451119b5b6aa87f

SHA512
c6b84281978a5de3dbd6f9e535103cd4e7608a98b4d6241de3c6ce7f1c5b43a56c45ef26dc021fbbe12b81d5eeb63ac3aeef3c0203d2b5af1fd1976c5828d525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
c3b1124a9d283751d697a9cca89e4080

SHA1
2297aa29535f0edcc54e2598bd2b712578c0bf40

SHA256
66ab00ab7230b9b49f962072a482d6a068f412464590da000a8f30a21d774247

SHA512
71d92742ff3bd27f9aca86fcf1e6a98a91dbee085371e292952c027fac648ddbd975cb87e1f744be1825efd1d4fc06de5a86b981a3d6e6ad9175da08eb951a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
1c1168a16ee1a070f09105b4893c4c92

SHA1
19bdf98f11c335c0749ffa5772e5a5914fefd910

SHA256
af5abdfdba32115d0b62d5fa4daa4d143ac0c0c1aa2839ea68ff52d0ae6ef870

SHA512
9cdabebcb4a8b2ddc867cf2dd85ba0b670978466a3e29a843ed9cdeb4498df7de3afd966be586712273ac4335a44a1c8bea02f667444d6b10a2196222b1abb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
dc435e51e904ed8c82edc12cd71b6f7d

SHA1
36e78bb736b5acee2d7e1d460ec03c471141d755

SHA256
37d619e18ca9ed10222936ea82dee0051dad16c14cb4ed2cf53b4bd81c1b70a2

SHA512
3405d6e010e165f4dfd2947e5ae6903c9474b67f7b9d10f1595a1da3a5abbae2578a2cf5afcd9af1c8e691ab40870d225ba5d9825283ebc3a1adb4998bdbb672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e6a7.TMP
Filesize
90KB

MD5
59a377b29cb2dcc6233e14535c6186e5

SHA1
586408c33c7c3578ddff87bfba90e741caf5a495

SHA256
591a22a5827561fb476f3ee2fb76aa80c80514e92d8c828f134cf6411a471302

SHA512
664086b12e6717a158225489f1bd378950abe8ad83baf2e16e9e24a5fa1668e609494741a65fff8c12866bef9573caf6055b02dbe17ba70f6dfb4f22f840775e

Download Submit
\??\pipe\crashpad_3324_RHJLHRJBBJPBVFNT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit