hxxps://docs[.]google[.]com/presentation/d/e/2PACX-1vQpF_HjR8nolInPP2EwtbH2ZRrjYSpzTH9573lah05-h16kigB6JtN6e44jsnq8SzNMh-Z3seX0Owcc/pub?start=false&loop=false&delayms=3000

Analysis

max time kernel
149s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
15-06-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/e/2PACX-1vQpF_HjR8nolInPP2EwtbH2ZRrjYSpzTH9573lah05-h16kigB6JtN6e44jsnq8SzNMh-Z3seX0Owcc/pub?start=false&loop=false&delayms=3000

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629211823876060"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1904 chrome.exe
1904 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe
1300 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1300 wrote to memory of 3336	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 3336	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 4568	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2680	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2680	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe
PID 1300 wrote to memory of 2012	1300	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/presentation/d/e/2PACX-1vQpF_HjR8nolInPP2EwtbH2ZRrjYSpzTH9573lah05-h16kigB6JtN6e44jsnq8SzNMh-Z3seX0Owcc/pub?start=false&loop=false&delayms=3000
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x64,0xd8,0x7ff99bdc9758,0x7ff99bdc9768,0x7ff99bdc9778
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:2
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4460 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4980 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3036 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5172 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4388 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5360 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:8
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5172 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:1
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 --field-trial-handle=1508,i,6193084935985109695,358760742152288486,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5080

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
870748ad6e263a776a057d1c835eba37

SHA1
1bf06c3b4276ba94eef8f0ded8ee179caeec6d44

SHA256
2cce8b9ea0568539492897ec781449a0e10cfc8772d21e4195d55aafe714b81f

SHA512
6e8d3ad8a7e63731016eea1354a9667b6cb3557e1a1559dfa3699c584c3c71b6b74d9a6c4362b06335e1fcae1c7951f25481e904239540e03c3bf0601aedee05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
cb6a8d0a3210f6962517e1b5d6229206

SHA1
e654100f445a6756fd0433efc1ea0647d7c6ed1b

SHA256
1bab5a5cab697793c44a3ae486fdb0caffc6e9c845c644c33979c0fcb8bc079d

SHA512
8d387e95dc1de541f4c4c5edef3cd6b176cfcdb9811f49dc8d59cb4dea4f83a2ec736020992833344d3657aa5796c8b61e7d673f1affe97ef21bfa2ce57944ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
fb3485fd3a34afc050d588a5589289da

SHA1
3aa11ed4eb55dc29b828ff22bc293f93e25121fb

SHA256
149e6ac4743fb81b1901afd44bd6b9a83bbf5112702a81e68dd36f2e3f00b5ce

SHA512
1508b6c7a81500a79c18645d9e138601010940e61fa37254ae3e8b596e76385846ad956a1aad5acd4c5e1c1d02cb5f1324345ed69adf09d0f6b2c05586cf36b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8925d630bf26d40d77708569181b6498

SHA1
4bb5203cd68f3ac0e8f08188fe37cc814a391659

SHA256
1e26b5cd4b119b9c90b1af8ffe0fcd42dede87b54197d4821f1e90918c7cfc41

SHA512
1968918928f1e895216b48c19fd5092d0d6cc49d9f5842cf3ee488288e79530deec2b6e085ae24c818c6329c01a93dc9b7ea7c62a6149b3c9544727f3352f10e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe5867cd.TMP
Filesize
371B

MD5
6742dae5d09049197aae83f84c90e9a6

SHA1
c9dd7d1efc047b52de47912796101866796cebcf

SHA256
6714a42ed37c825b09cfd45f61dc3eab93ec9f0c1726ca5f08fe6237fa657130

SHA512
c1fa66aceb3e3eb61fba2428bec803890f9ea7838b2fd81e6dd7dad14a1b61b1992d0e64fd6ea65656802b8f556936598152cba4ba2eeffc3eb4afc8dc4a512c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d00966be638f6413d92c1d06c41ffbd7

SHA1
b7e465d03afa1326d3022627f963868502e2559e

SHA256
8200c78f4c9643ddccaac91c9b416bd9eab5b0f532858d920f59ccaf1369bfca

SHA512
5080e5ce0a7d4dfc0563140ff4f3f3f7530b94d899fef30a32b4b529090fb11b0e42aed9fc41360a328008148f29e82c42d48635079f6176196d16f934354d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8911c8d51050158694e4a4433665006b

SHA1
68a145a39e649c0f163f8e60aed01f07334f377b

SHA256
7b5de08f83a1fba8f4a71fa3f8eea04d425e2b8307cedd6be78d2ed0dd77c5a8

SHA512
1fb86ef5448ef7df2bf55fd8e826b7aed5342a61a985f17bfc1eb77d9cd584ac01079701d5e0ac3f00cf50839c85a0162e6b9c6c3b45110ecd6a521970538294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ac4b0f86f4138537c090066ab39f2ac1

SHA1
594e036a2505bae116e0ed5bb0124739da3ad225

SHA256
61c869807e3d9ff80945938357a11b62b0cbc97ae1e56c487809b53993db588b

SHA512
035de7af807b3db15b2d9542d39c4af1163956e6fd40ee52f16aed94cc28e9beb8e6640980409c01fa3fbe75638723458966d69b6c0913e0e34cbdc7bb7c4282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
523c7b2b2d4ec2ee6b70562bebb7e973

SHA1
c59f8a27e9bee9f3e449df0facec0b9c612f5a3a

SHA256
61b0b52268af4ecffd75538897170519b3fb276e2aecac290aecd6c9df458f73

SHA512
3376cf6637f502485c445691772f0dedcedaca9d5e008a05ec0315b70e4aab16343e7080a602943f4fba0ade423f65f25e27ab9eda6db677b9e43885a763795a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
deb2688450633be14f3abd44dc4eef5f

SHA1
0b96383557cb36baab4fda02d1ea96579eb41b79

SHA256
7679c6494d2a8a45faa4228979ef9561ac95d730931f91509d7faa6f164908de

SHA512
467dbbc090d15650574599fc5b51da1f80d0c62e2d3dd3ff2e676a991eabe37baf059d483e8c3251493b27f4f0ed1285e652b66b5d2d73b614601ac2efc9b0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
167KB

MD5
35ae2a516b9571d81f15d964eb2c1f49

SHA1
b50ee3dd332b9f0fe6ebb4c6d1c0410af10b4e43

SHA256
4d719fd366dd95e2e1ad6c089c74e3a9887739cf246a5b4a4411cb2291ec6234

SHA512
a959c3abc338dd76e40a91595cb089055cf55a4e8fedeeb47cd81d0748731a2f8e0a71518430952a832d6aa5197aceb6d2d7096eb088785922d2140120f9cc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
4dd619a1f40793194cdd98f3a47fdda0

SHA1
a5ba0539fd26fe03f28fbafe50c346ab75e5adc8

SHA256
25c46c49559571b5f1e930976d87471299c2ccbf5b68cd1cfc8e415b39fc97ae

SHA512
372ef848e34d35531fa9a6325a447389ff7c4f864b2fa5727f8b7f7bf8ddac7bd8fb81655d0e8599cc204daba259bb114f0852bac664f2dc97cb85bd49c9b643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
2cac56c082fdac5ad4795b8b5b32f9b4

SHA1
fdd14de4492cdb58b84cf264c771892b60df6464

SHA256
0cd5e70b824e7af5a73dbf8daa5b315c90b110ba05a51c9773cd510edfe87544

SHA512
197cd2f7b55f8a53834a5595e3498e164e028a93ed3bfb28c933b2fb21d025c55634100dc98ef5ee095ff81fb3be975d91985355ecc71304dfec9fccdde276f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
084425241ef699c661b19e936fcb8a5a

SHA1
641ef9ac2484092016f253362a3ee62f8ba4a3f4

SHA256
1aceb08cddd115e93701f54001c7e1a62d688d7e207fb68bd1ce60bccfa5d967

SHA512
f90828134ae5fb7df41b9c20f96d939f6a6583429d6b04958693f9c5ca1905a5c8b0c7d669277556a976fedeba4605916dd42eb9016483b9e3fcfacb46e25406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
2682e692e21c3265ee95bcb62ff03fa9

SHA1
e8dd02ef52283cfa0385a7991c3a6c824084f68a

SHA256
b290e94db3541d9da2fa78bef80acade321363f2dab6c48514de6bcd155eb68a

SHA512
cc76e78aff9aaad372648aa0c0429c4fa73cfe308cfeb04c595605e58902f96eb2321c5634a3a18428699dfb9e15b78ec922cc419af083edeb0f10e3b0ed569e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58756a.TMP
Filesize
92KB

MD5
1025b43ba71ddadbad321cb827e7d6ac

SHA1
f6cd50d78de1a3ede8b99e9e3785d052f42f8948

SHA256
ac781e6a23e25c2628d450a861d1fbe95ba42ce2675d52e7a0da918bff0d68c1

SHA512
827bf29431da56098e146d7654c00d485b97243c3b03ef133568a6a3f10d084bd3b82972552800e8120d93f47224228de37874fcf9e230c90bc6969c717817a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1300_OTOTXHJQKEZMYMNF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit