e1ffd166e6e76c4cc066928403d9cdf254c7e65db46cf791fdf58952ffcf76ef

Analysis

max time kernel
55s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 20:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Copy of PlayFabManager.js
Size

2KB
MD5

eceb9d4a5b255b283242f7e6705be647
SHA1

05dc6cc164deda22026153a53f5b940e7767eff8
SHA256

e1ffd166e6e76c4cc066928403d9cdf254c7e65db46cf791fdf58952ffcf76ef
SHA512

68c86af7664cbf28ab3fb2c5631f44ecfd2572b7f76734443f4b59ff410bf2bafd71af16bdb401b5beb14c02d4f1493a87b7140ee971cb77492a43537a30c467

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2852	chrome.exe
2852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2556	2852	chrome.exe	31
PID 2852 wrote to memory of 2556	2852	chrome.exe	31
PID 2852 wrote to memory of 2556	2852	chrome.exe	31
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2892	2852	chrome.exe	33
PID 2852 wrote to memory of 2744	2852	chrome.exe	34
PID 2852 wrote to memory of 2744	2852	chrome.exe	34
PID 2852 wrote to memory of 2744	2852	chrome.exe	34
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35
PID 2852 wrote to memory of 3028	2852	chrome.exe	35

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Copy of PlayFabManager.js"
1⤵
PID:1044

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f59758,0x7fef5f59768,0x7fef5f59778
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2204 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2116 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3012 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2428 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1376 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2788 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3484 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2364 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3400 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3348 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3492 --field-trial-handle=1300,i,9827529269749423368,149287347558250117,131072 /prefetch:1
  2⤵
  PID:1528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4fe43782-da76-4a05-a1c4-9790c1d38042.tmp

Filesize
142KB

MD5
d123cdda502d7d84854d9ef9023f58c4

SHA1
085214d7163be292d7fd785066049b435395f446

SHA256
2aaf109026593b9dee63af501801405eb93dbb71a1784d641cbbbcc925fca739

SHA512
179692036ba6eacbd8f2ddd95fb402dfeaec8d19bc14a87790c04eec8c1274ff80c82b3c5241ba03d455e36933c8b1f37217b0a689a0c7a302e3ee78dc9cc940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c8ff14f32ffb8f53ae13752112e0503a

SHA1
de0964422b5e996845a2c511443ecac52427abd8

SHA256
f73bdfe5bdeef6b8d54b57af3775b3f2540df0ee69a761a02a25f387692d8b04

SHA512
1cefaace836752e98eed8204c6337065c0886faf2f55fdafa5fa23caff0bdbd120b1a854729ebafee2213b2d0b44df24c37288573c79323c3d39d2b87f6a3069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a44b7bc27cba3ad0bcb8b7dc78d3f9f4

SHA1
ab95b413821ae12ec0adb6204029c1b2edb9142b

SHA256
9b1e0a76644fcf714ae90ae5d602faa6de57837a932ac6ebfbe528b436ae20ef

SHA512
d893eba906b982ca7fd09fc503988515133299c464bb8838bc57d8c3e46b3a6b6a159b83cd74a4ee19f41ddb7307438cc8f84f5b9c8d22d65c0603e943b92d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e18d62af302f4fee80f61317f92ab24f

SHA1
8d47861c259892c06cd5044528529ba2499cf42c

SHA256
2568799ed15ff347c42cc76834a6b74b87079f2af6cd0c49f3d391ee987a2fc6

SHA512
e2255e26aaf8f71d31074babc15626a65d7649ff784e62645ad1fc9526dc7449445375c8034010e4494804753296a19cfe97cc43ea12429042c37abcc593bfd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2f89712237a26b6675f62c7b73078aec

SHA1
b5f401c4a78205905680c728347be02aeec922e2

SHA256
c136d4868482ddb4324321ec1c0e4ed4ef50e93f05d12c3c27744f48ef5b4982

SHA512
28d6e56b4be26ae7de9082970911e55bf1fcdbe2fc2fe3f87f37d6e31f46f37e239a79e33c216f83b9798373406df8439fdff1e70b28f471b668fbb22e804e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e255efe687084548f4c0046222531365

SHA1
9356688751216b2767d8815b21525794508520b7

SHA256
c4633bfeafc1d1e480f890f0e43f1e69fb003c58eab1c9d615d567c2500fbdaa

SHA512
a311ad1a8fd25e79ad42a2c68d87c05e95ce24dcb22cbb3693c5957edc8b47afcc7707fd56fa467d7a3647af878a3b592edbc89678fb877b2cce2e1cb55c8028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
b9d5ef6a1ee938f7c3e2c2035a550a60

SHA1
7ebcdf76e70b50eb2a941d6ba1ddabcd4f6d28ef

SHA256
130d41be4e42d8fe298e5301dac55054e4b6cdd067f976404c8812b0349e7476

SHA512
39662ebecd1db55053db16644040312da233418e879242830786b3f99a63fd3d92512a5db86585fd1b215de6bd0cd982129d506a358c4c9de1f16f4cbdaf9f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
54a02acc3820774155988637d10de825

SHA1
0ad89c9e026ea4179e7f38445a21866d177b3d7b

SHA256
607254a0a6ce62184ea54a5f0af61a9b823704a6c21f12612490bde4f15b8ed7

SHA512
3c8fcb1dc8b2b74453aba304a1685ed9b2f92367bcb54c95b7bb5eef50fa4d16808d148a98a844b02044215d8ab7ed5ebfaceb21142a2240ba32bbb4b2c610ce

Download Submit