hxxps://blox[.]link/dashboard/verifications

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/06/2024, 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blox.link/dashboard/verifications

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630192685859953"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2332	1608	chrome.exe	73
PID 1608 wrote to memory of 2332	1608	chrome.exe	73
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 224	1608	chrome.exe	75
PID 1608 wrote to memory of 4320	1608	chrome.exe	76
PID 1608 wrote to memory of 4320	1608	chrome.exe	76
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77
PID 1608 wrote to memory of 4584	1608	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://blox.link/dashboard/verifications
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff844799758,0x7ff844799768,0x7ff844799778
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:2
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5928 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3080 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2952 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5724 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5680 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2016 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5656 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=876 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5104 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6188 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4464 --field-trial-handle=1756,i,764286554397411269,3033374647662965808,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
bf3ae6daa9e0f9693d2d89851305ab91

SHA1
07f8a82e77e9f77f3b3ec79729ceaa867128b2a3

SHA256
58e5d949b59d4f435bee623d3c34e076e32a0720091de50a60ec68b6549c9112

SHA512
7b330fd56a0499bd03bd3eeaddb91913d3463a15fbf92cd6542b3149bd6214a6775734ea01d4e557f3e823ba3a426e1fedc5011355014969309f190c066076a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6afa0e3ea56d6150d23f0a2bfc512b61

SHA1
a5d48e8fb40ef8d65694d0952d89fa527940e528

SHA256
df8bd9e91acd8498ea61f3163f5e278ec924a7b8d082df2a7f02cb5e6b390825

SHA512
a92c11299ddf43dcfd33038349cfbccaabf8829b9bf7265b8ff05802a7822be7f66379c65d11ad0d26426792e946fbd864b8709808230c749d2e91e939e752d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b981f3c5855c3aadbde0febc1ea24210

SHA1
cd007b33742a2a95da2cebc05be92fd99a209e11

SHA256
e11dd1c9742b1fe5d9b99ae21c5b2d5a726bed7b44188652afc3d1ac3f0e4044

SHA512
4408193a9572b6ab172bb5cd315e65e003661c111e9b1a4b050d1d2aa3d078a759ca5e07a2fe08c9cd2b849b81d712b5cb13bdab4e9a5801d6938499734ba833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
279d8907301724a5ef5ea97a12796d1e

SHA1
97f9ccb5918d3053c6bfa3604b55f730c89e3580

SHA256
10cc0e7cba2199f89c99d3b3a11a47d3532fcef254da156e68b30c2a938e877a

SHA512
134fc85e6caa95a800d8b12c25fade474f8fb248beaf1d7e339dee151e34b208f5679668096dd9a2c1e5c9f7b15c0cbd418d8d013d924b4b2a5a10676c2c709a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23b9fe553aafb4567f52047510e69616

SHA1
6ca1ba6ed29d5a3391b40c143791e5b77ac602a6

SHA256
8155b14b081ca3b630e4a1412fe849c3deb57955ae63f5267ad3960069c5e464

SHA512
56d9171c98cca28b136b45e37a61b7286f03db966c8a47f77b614d4f6b175c3ff2c8138c45edbab2efa18f8c6fe6aa8e8e82488e3475003de28357f155820eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b3ada310648453b79aecaf38fe4ef48

SHA1
c8e788786c405c84a476e759ba21cc2dc24a2df0

SHA256
4bfb859c2e3c7626863d9ec79b127ceafa047f791993b3c21af695ad254568e9

SHA512
7cab8f460ecde9594f5032ddf92ddac608757bc02c9fae4cc31565707bccdfdf8b3caac78a029480fbcc6f0cf36895c995177858185c1ca241af8dcc9f889ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
127c5339cc7f276b76c57cba609350f2

SHA1
85d1eb403605343e227c8feaced332c5f738d82f

SHA256
f10daaa224f4088b512a562d096192b94ce000c5aac276d26ae7d57182cc0307

SHA512
e808411f37a9b2319aac60863c277c7338e895381d1760a287b171771e58fa39ebe8fa15f3a1a373a3bd9037e0606a6a7d4cd9e4f0b155edf6c7501e545d2292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4f58a624d8578d7220f7b59fa56d636

SHA1
e20bcc32cbde46ea3ec0a245575ff99a3f56b4ad

SHA256
a14c8410b5afd9834c792d3ee574e5ed22ff15f1f372552c267296e1296d2c3c

SHA512
e9ee28e12617db52a2823f6978831c9b3a80b948579790bf54da026e5e1f1e8ef4d6b9c8f314ffa2f447d77909dc644231db5240337644465bdc56f86e1a38bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
af67f33877047799de56e5b61ef575a7

SHA1
74695492391eeed69318330573b217fdcd865d86

SHA256
ed19c55605979e659829b749535bf03b833e7cb020f95126f82bc69311009b94

SHA512
209b6512dbbf48566b124ea99aaaa6fcfb300c76c79290e18bd844f712d535917ef2b360c9f13d5015e75b14cdb27cff83f9c11dd66938da4af1c42fa5acbe47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d7451a23e8f3784031b4e30d1a81da88

SHA1
91e3d3113a0074bc6e3c3f36226c86280280be21

SHA256
c5c8aef81c81962c53d65c19e59f078bb99482c6dcf42f818163e7b0ee3ba49a

SHA512
8a9a58f5f917f8fb440f718e347917930a875d77056499c22d239c435ae7a9f706fa347376063325373fe683a5d703160be350524dbf95ab6a62df22e5776b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
903902301ff3856e2d2a5f240ed168ac

SHA1
0e082dc78860af35a9348ab5cb20ceb09492ba93

SHA256
aad317dc2c67a94514535594ed989b8ab4be1d164d0af3afc800210e60b82dd7

SHA512
56e4afd047f145a16ffa7a14051c0c3e864f50921bf4b2951ac39c8ae8997b6d060abba64e589785c358706bac06311b9c6c6ef1042803f44192b07f29b6d9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
d9f090eb8a59a89f48b445cb2e688506

SHA1
096ec923fa444a43d504732fa856c74f17635c1a

SHA256
4e94980ecc8318560c1332fdca2d8b8f1afcabe85f0441e70be7ad12be402e55

SHA512
df0382d6a2cffb393fe36963bd686a68d96b80f1d6f042bcd5fa3fe21ffb2706b374c7abb1d72923d8575b28aefc0ead628ac920b19c56b85ecf2a2731a7d5d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
b8682d87bfb04c21204b4dade1592a01

SHA1
c5d3abe61b43819d9e070b7905a6dcb0be563a6f

SHA256
4d19d31273c414b317e87f839229a3344cca98e6cf94d881cbf09cb0faf53527

SHA512
4344ef110ab49d43ff93edd2bcba136775f7e00a9908bb2d94581b5eea54d3030a688463c27b1a4c8a606bc1a0069202723f898b86b30eea66e3d2ff806fb3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dfd1.TMP

Filesize
97KB

MD5
3298d8b47ef122d17a8e0c9009760f58

SHA1
8117d595720a4acb9075bba9c072b72f8747fb34

SHA256
d3acdda04f1ce04191c9c804e4eba54c3feb5869f37528da5265515449ff000c

SHA512
f60e876722dd92827ed1ba8387274244f7341f0440bc251dcf9b0936de8b4c944f08859f1f9cece9bbbc029af5e28f08869c29658dfcdc798916f4a6c1772208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dde1078e-8401-4266-828a-bf1976ecbf81.tmp

Filesize
98KB

MD5
bf4c2c995d16ce0b7b3647808bac4b95

SHA1
f6e2e3f679795f59a6235f7346eada1dbd1081b4

SHA256
1248247d98fb9764e5f10bbe2329f2c55aa9c19d179c8e735a82c0b07dbbc777

SHA512
ed40e5defdd1c3f8e86ea15c5dbd9bea33a471306b330a6c1c89d2cdaed5a248fbf589f5af2133585337b333a5d3069c1de448a3e66689a854ae2f85a54c47cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit