cae860044d6969b1e7540c97eb7371e4df1be08b1caaab64424425aa7a23a6ee

Analysis

max time kernel
1800s
max time network
1795s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TestConsole.exe
Size

262KB
MD5

1f195793c2802ebeddcdb1b13f23476e
SHA1

216efe9bcd245350baf37d5bc3b5073cdb5f2e31
SHA256

cae860044d6969b1e7540c97eb7371e4df1be08b1caaab64424425aa7a23a6ee
SHA512

4f6ec7e606d6e12a17083fc6aa21ca3f5d523d7ab6ea41d939708bff0f8ca540e442789b658c239c089f20d0ce40fdac1426d64757859e166a96dd9ed499eece
SSDEEP

6144:VybkRvlY/lWqgYiwRVi8O2JQ2366PvbfhssEA:GkRsq2JQ23PPvzhD9

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
44	discord.com
45	discord.com
46	discord.com
162	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{34E9C24D-C647-4662-AED1-3D7DD4DB4566}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: 33	3748	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3748	AUDIODG.EXE
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 3936	1320	chrome.exe	88
PID 1320 wrote to memory of 3936	1320	chrome.exe	88
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 4552	1320	chrome.exe	89
PID 1320 wrote to memory of 2992	1320	chrome.exe	90
PID 1320 wrote to memory of 2992	1320	chrome.exe	90
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91
PID 1320 wrote to memory of 624	1320	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\TestConsole.exe
"C:\Users\Admin\AppData\Local\Temp\TestConsole.exe"
1⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4041ab58,0x7ffa4041ab68,0x7ffa4041ab78
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5016 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4628 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3264 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1636 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4480 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1080 --field-trial-handle=1892,i,13879086278902973293,5335197904560877249,131072 /prefetch:1
  2⤵
  PID:216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
107KB

MD5
171e6cf25882b3de492c41615a30e2b2

SHA1
a8f030a4d782753a125490db737e669e398cabe5

SHA256
8982eb7de3ace95b0bc0377bc1c343d73644a7557dd262ab44c1b9c60054ce1d

SHA512
0d09e0a7b84484dfc1b8c5a4ceaac2fdfbd8b543ab81ac3333be4cb449e01cdcbbd03e60ecac5c5d7b9a6924c23544493dbdd8385fda43d8662f4a189f392f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
19KB

MD5
ae7d16bb2eea76b9b9977db0fad66658

SHA1
4c058e3962a59788b413f7d6be3ec59a2c4078fb

SHA256
1e7f6ea1298758403297e8f9049b072db59dceb3518186164ffc16550c5c5ac3

SHA512
177f7ab63e2f8e185b4d4efd0bd9d15963fe316701219a6127f1d68a72bfc130eb1e46bfc1f213a06299328864778ecd9ca0718eb3c2acc45abb22c74e2ea6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a204b381c5cffb122410c5abf817da3c

SHA1
919f3b729349367750fdd278cafaaf2eff6aa7b0

SHA256
3e18caf400bce04e450d52cb61008afec6ecae9aa7b369b42c80388d6483942e

SHA512
ce8e15d8a39604afb22abdba88f6f967cc82def659cd5f716268fea5f3633120861cbe7bbd35932cc12a1c578626c35791ac49d45fa22674c54a00b25f3b7a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0ba17d2cdd97b4795c71f6752ecec997

SHA1
ea83b90b3ade560959041f68f39d95d46b09f7aa

SHA256
e8f18d6e2a4e4898f53c56560945d14f22320dc0f61a2eec5e7e8d3b41aa3b7b

SHA512
d0c66b40b487fdc02751c0375b29f2474c7139f65abf21b134d951bcde2bed3aeaefa899e6f21467a615661d0457dc340239c15b8857c41af4459026892977f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8cc9031eab8593d50ff08bf51b5ef7f7

SHA1
1b4699fadc6e8d9e0e57d3345fca6e6b04baf284

SHA256
a4dacad2f44de744133767c69875af589b670fae1588c3bf44d4c443b4003531

SHA512
b32a068f022ce34ac3d0673acda6c2454f9227111123e2acce4d44de750a4064638a5927a671bd21ff7569f4b049fdc467d5ab04180a357ca851555ac0b3c0e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d7cb847c3d11ddd09770b46b38ae6992

SHA1
b9654bc37b22f00e59bad92f8d27f99e0ae1cb86

SHA256
470659e92fa236d9cca6c4eb01745b47b2ebed7b96ca60ec337ecd252a4bcd67

SHA512
5f2091562dfa0cf133d51ac2b2ad7c8244abf9575572196a8c8381db1703f5bbe8181c1bb83e6044b7cc79b964ec4351c7dacb7c984f5183954e58218de3ea66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
72fd8ea623ddf579949a854cf3a5582d

SHA1
433161ca2e3a599f35aaec06636dbbbb30e11eea

SHA256
3347526c3c2a1222937a8d1d23293bd0651a9c2edf4cb11636611eaf78a3027d

SHA512
a8b186f18ff7cb726d72598cca83c63e86aeab3d6fe4c5f11f4b36914b5f900404af9a8be624c5fbfc4e636006d86555f942e54a8c43c3594d56a3d6a4e61755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c981cdb18143a7366b5d201d7705d2b1

SHA1
a1437f1f7c9df4d232d34305eed4a66ed32f5aa5

SHA256
9690d8c5bc54dc2bd8be69626f5fc830174fc102ec3012a8d7bab60c929d8b8d

SHA512
76f7be056f77d41322a46318a2dc6fea526de68195dfab3a9782945292e5e85f8d14bc3dc9dbdec12d5fd12b6193677031cf355e9a697f81c6492001664dd782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
20c42840033367e39dcc703a892a0657

SHA1
a76affe0671411657da20ea344353e16044d016f

SHA256
43c14b144e44c5ede1d24a37a7ee18d66d5e581e828a80e7630859bd8dd136fd

SHA512
d1af4ff73be09f724fc9d5f40e08d5408d2898b11ed59d5a8448ff3a1cd58f5b442a87bdf7a7bbee929ef5978469eb068194dc4c63268020460ced67fa85dbdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83e2533b300ed6a2815d02297cc7600b

SHA1
421fddfbbba233e185947b72e80f8e4f23ef681b

SHA256
8f8d79648b4c45d56d45a9c73b4fd23ef29707bb868f33ada72651cb9e05861e

SHA512
8a1439678c7e1affab1ad6dfc21919c57a4465182add2e93bfd41bf44f9fcd6a401b0d4c87a4d854cdb391f9af6e9ff1d3319e066cd6abfebfbed79e8b277c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c2a1dcaf3bd9d25c1e74703b235b4da1

SHA1
d9882f724c496fb5c2f0107a6f98fa0e8224f7a8

SHA256
b80e4254b68048e76b4fed3035b73c7b6877322df6f7c18b3c268657d5de164d

SHA512
76c275e0bcd97f5628bec72e4546f3f55b1e373a252e8d2d6749a6c6ada43261cf1e89b65bf1483916bff7bd85e8279ea49649ea8cc69ca6d15659d853cecdd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
16036add3c1fd266cb13e5ced0cce0b6

SHA1
67eed7c7373ea0bce8373a7540ded9da4c5f1ae2

SHA256
90005e13969d50cefef3769c29c8e04124298d4de9d60121e02970cf7ff12a32

SHA512
6cf2ae9299d50ef971be36749ea7e5a7fa142423d85000e5d345074cd0c81abaca89b6018958d79334a0d2bea3dd92cc9913d83a41901222e51b5f73d8a66a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
da417a5eefb59c3fe5ffaef4174bdeef

SHA1
4a90e2ec30003f13a3a7b2293bad4c2b73f9545a

SHA256
276fe302365158341e2f38b9a45849ed4ff6bbf222d0b9fc51c9f68881888c40

SHA512
67dec50cac8250e1d8abd3b53410c62b680fd86a1b0a2070b6262547e6f797e525981061147871f035d7ab425ce3ff75533d881aca04e33fe8cba502ad2066d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6234861d9aa5e6a903d67f6224365337

SHA1
18c9de41141cb099c199b7110fc3ba91d576401b

SHA256
e83cf77c07fa78dd62a7cdb990614469da0faa68828e3f1e075c9da9a7b90fd2

SHA512
b7697b056362914133adc6872fbdfa90bdc52099690a35e96594d093e47d72201dd4da840be40f3cfff6486ceca4e489a30bdaed3a9d45763339d9f4d1e084fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2308b9723bcc900df5d6e7f19ba3ff2d

SHA1
e8828dd1c0ac2ff2a811b2291c1d67b5916ec85c

SHA256
e336189e3104f612e1f9d074a2f4aaf82b928b3a2d7d4ad27d63fecc93df3b05

SHA512
fe98e533ca4892c66cc5dfc7594a70a360858c1f4522f565305ca758289895fbdb90770c2a15b4e3b0a5759f2f36a4fba19531031331be607ef0a7586b67e6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
bbaf0d2fff39cb25cc2b48f2c59f3092

SHA1
0817b0b4688b12efe53bc6e92e7e18eaf7622a9c

SHA256
ff7cd72138f3aeae598baddf17fdb1973507b644f0d8617a6e9a7b50d47a9dbf

SHA512
58e56f887c22dd35a780f1a761cc52f2202066c7daf2f5d4630a2ca97066634067afbe7279e81e7a21aad107e8b54cf9e8a67674e3c96bd18d44c357ffefcf45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09fd14aec2fd328a30dda081b64c5981

SHA1
5402717e9795c7cb628e0bc6c3b4b6cebee70ce6

SHA256
f9d3a87e6658b2f81b296b95737fdfce56996bfee582eb1b2adc5342b3916494

SHA512
46795eb838f7907e57cdc267833b14e3fd33d54642f74f32a6c6827a81f2072979d5e10a2c1c2d7f51a4fa5820cd3ae17f11fc3dbf196295dfb21296d1f6057e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
289c27b6d1db59461f659c1659708379

SHA1
0149d6f173f849a967e53e34e1bb3c2d5d2c7dbf

SHA256
36441598a5cb3b07d815b201d1195eb0caf8463d7bfd6ba260352cd5d2ff419c

SHA512
941bcde6fa4b45cd1de619d20bf2aaee999d0f35f6d12694175e9f18a423fa9a6a8324218cf770fb8bc37de1a3178d4c178cad1bd50e8d63abf71282b3986ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
130a0cc29dbd03766a766c56944b8c67

SHA1
db8fafe5f719e6370cf688d41ee2c7ae6d91277e

SHA256
993e7d89cd1a014edfd247a44628442a3b4d3d57e766e4d095d75302add19863

SHA512
9ca0318aaee137893d5a67d482dd849e80b690c1c867252ec54c6fd9faf676bbb2986c60d3483b0febdcc18102a67557d0759df32f0c550534affe358aeb6c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd81f46cb358a73431b8a0cc28abdb9c

SHA1
933f663e39c707696dec144bcaf9ba3c453b32ca

SHA256
7ee67e6890e5c08342c4da7aeef021739f71e34505910dd66555680e6e91f7f5

SHA512
79af0e226c8d2f2c0cfcad47f4da2cfbc259ff5799df884905f1cf02c69d9fa97c2d26244600aaadf460a3db043227a4373801d66fa2497944a397809812d3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
389dd5cf0dede84d5f94bbb66bc384f6

SHA1
297c3f66463ebee4822e848c0052523d3768c5a5

SHA256
15ac4bbc923df131e393234843a1a2dc98a1f720735634ad93cd352d2fb291bd

SHA512
9d8fb5cc0a4869f0058b841dc08b8bb8f49c9a07322fb58c8b294c78766b4d9a5a76665e0e406907654de4f5ba5a569c0a0350aa991d292699c777bf6767d47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2c54ead5def3cdd6a702ffeb61d438ad

SHA1
7ee0beb32bc054c0ca9a178d2fb9aebaa4b00d04

SHA256
540bd9d8f310c8724fe997b462e20a94c36bdad02c8b6c882c8649938a774b15

SHA512
14981ae4dac0da27657392715cb35193fe8a4336a2780ac107b775adfdc54fb89a070201c6fb53e82d0b1ed51a32e5e84d954cf3f0dec2f6c4fc156791288249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
29150d3375177e618f28f594029f516b

SHA1
564f77df5922077e826f7d5ddffeef93e9370995

SHA256
12787dae3d53150fb41d019cce969837c2cc390965813d9cc1b62e4c7b2a8ab8

SHA512
9f7bc42b7a1c1b1fa2528535882620d1f9395bca83dd3e3ea1ab14e635df37bd65b7995549c005f216fc03077bb16fc97f410fa1931d9628e20c0f98bf146021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
db696bd3f9c31bfe575366e65a0993dc

SHA1
c3ff91cf7e3f56a9657c5672598aba75116bc9e5

SHA256
ddd51399370107912792ffe8346b1b49e05889e7b63d515a03be21c0dba0d1e6

SHA512
fdf8c3b6cac222b6d554ccdb4e7c7363aa5dce420caa4d438df2cc062c7511327de924c6da8bd220dd8b5f2b778695a5456f3efc459b19735f3cc64ebec8e4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
525a69e6ac49f142e35d88bcb8488b6a

SHA1
9b0a333b69d097f134eacc6a51de68d267ab0b83

SHA256
8f983e6cfc943aad8e0decfc19d110c9cc9d1816cf868dc52082b172634825f3

SHA512
437bed39f413a57c2f784cf78b391fb78b5c20f72cda23b4fd31794c95592eceb1332ad3e8a958175032b3c0a122de0bc1a7fd0468053b0fac2ad017a326ad53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
579514a313deb769423c07ab8b13a13e

SHA1
d98094aed925428767604e18afc2b7f3ea757d68

SHA256
4d8aee959e54fcc18bbc0846f485014669b78a3cc121d485448da8564f13852d

SHA512
82548dc21eec0f8c9f5f94d0fd91e05b840d93a9617093422b52b8e3411f9a9f121ce39e6aa1ac97735788df4034d8cd744d29f12d8d57dc6e4542de6fd7774c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4e0aa78618c967f0a99b12dc2a7cec11

SHA1
e4a81bdf04f10d2737d6faae4c5fd9dc29050f24

SHA256
ca12fe90c58d6d2d3310516343866229aa9565e801854997763ae844daa91648

SHA512
737adf283827e026982e9a11eb8dfa7d3cb24735ae53f123bc552f91597cffa9588b6fed8db27d03eb2f05046a26e0658e266a41ce184f02ad7f813cc38fceb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2035a22c3eaacc65683aca17cebf9449

SHA1
dc5f8ac766cd23556eb08141e56a48fefff2de65

SHA256
6e70388242bf68e518efbaf2cafaa8879ba422470b8dc18520dbb33dd7cb0711

SHA512
88d9deef425561dbc10560267132e5944b11ae0365a17978e236232f9ec0e65b672a0bede70094e21f927881098ed6f3234c08a9c169db98d8f13f7f882fe4fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
78a58fb1716dd129bb1db16a868915c6

SHA1
c22e75b1390b86cbefc4e2b320e7762223b01a3e

SHA256
b82b4f52edddb77d691575e50d22299147a3688589b47f0a0fefa88e1b079b57

SHA512
ac94b2b9974391c58c210e95763a9315da01e827d3f67d29e374c92ca0f59ad892a15e0ab972cfd98987fea1538407e28720111d4ea7afe36c4cb455f269eead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
efaeb41923e403a501528a01140f9a3d

SHA1
4bb8cec793f608fd44532bb98a3be4656165cd0b

SHA256
4d13da97222d36c1a38313a237ae9b877fd12e330fbc45d59c8ff20b0fcc7acb

SHA512
61b506bb304b2bae3d3d2358cc37de587584f1be8a7d608dfb0e2c8931fb6ca25104f9841646673bf00f21bbe4d889464e62d141d2d094aa5fb0583331630e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
b0cab97774168fa94825d4d7d21c6e0d

SHA1
d513d5356aaecef88fbbf9d4cb178eca3b406e19

SHA256
d4254b3e147a6f786fcd36c8545154a60bc3b39b250af801dbd78e0816013b15

SHA512
e26a4997a2271bea220254ff640869561bea375f3ebc45d0277321a0e56ecc66c42edb67653f9b6a5800da6a77bba1791085861406bb107026c3edbe3161188e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c41b.TMP

Filesize
88KB

MD5
eb7a1b20c030cb71bc74e53d23a7913f

SHA1
c87b61f208a26859a601e6406660988c031bf06c

SHA256
157bf330495539842e9094661812df56fe3bfae0b56b91ea5adf14133738b260

SHA512
c1c03ae60f3238941674365e64ea9696dbd756de15c2641e66b82398f095f043fe471fb20e86174090ba06158ef74bbce0f48f64eea11e8f91ad18466160d35c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1512-0-0x00007FFA311C3000-0x00007FFA311C5000-memory.dmp

Filesize
8KB

Download
memory/1512-3-0x00007FFA311C0000-0x00007FFA31C81000-memory.dmp

Filesize
10.8MB

Download
memory/1512-2-0x00007FFA311C0000-0x00007FFA31C81000-memory.dmp

Filesize
10.8MB

Download
memory/1512-1-0x000001ED15100000-0x000001ED15146000-memory.dmp

Filesize
280KB

Download