hxxps://ps2-bios[.]com/download-ps2-bios/

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ps2-bios.com/download-ps2-bios/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641689464035157"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{9B9E7793-F458-4C07-9BA3-F1F9644D2453}	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ps2_bios by ps2-bios.com.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 396	2716	chrome.exe	77
PID 2716 wrote to memory of 396	2716	chrome.exe	77
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 324	2716	chrome.exe	78
PID 2716 wrote to memory of 2724	2716	chrome.exe	79
PID 2716 wrote to memory of 2724	2716	chrome.exe	79
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80
PID 2716 wrote to memory of 2612	2716	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ps2-bios.com/download-ps2-bios/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87719cc40,0x7ff87719cc4c,0x7ff87719cc58
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4580,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5208,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5200,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4752,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5660,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5744,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5884,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5940,i,10134599135604716038,12229092279705283014,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=740 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ef88c4bf6abb1ad8fcbddb5f8058a5aa

SHA1
343de40cb747051bce31b842720cb84ed51ef555

SHA256
4d85e12daaa2fa1cfad196ebce841f5f5ab615630e0ebac69dc32799c00a2f9e

SHA512
41649d06751c18f9c8186b406b6944fbc959cfa92d1f3e792e99f481e8661dad73ec5fac33ffa19e02ab24fb8b98063966c1afae466ac145760999353d100933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
19KB

MD5
3be2e9c4c58e18766801ef703a9161cc

SHA1
cbdc61e9fa2bd8c4293ea298a8aab94745e57f2d

SHA256
1c3f11c5ba6d3d5e0e1e88a3de6c27a16df13833470a19c03b04fb2f99dd5d57

SHA512
2f1a71f1fc17e79ddc1c0ba0be697fdc1641ee38604bd0c424b6ab702f008f9fd3c57f22ca959cea1f1de368016b258027190c279637ae8838787be366e40ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
255e18723cb061163c6e76196e2e2a3b

SHA1
a22bda5fa90d14386acbd37790a5ad5696f4d934

SHA256
1f9788d68d2f177454f33fa52d5e72ae6ca7ca22537d3ccc7d86736f2507e3a0

SHA512
cdebe678eecac3a1de42ee32502599b47d5744df127a118e05cfd07fc1124591294571362f339113a97a48784a09e7a945e945a333a56173ca25e6665ac43b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2948eef4a23787f2b6b70631a33c3b16

SHA1
9bc1501e356a53d438c3982b1fb90f7f7ee697e4

SHA256
ac1daf99a34888f2b5831e05bcea51140336526562062ffc3967aa064a42442a

SHA512
330a567129ac2d0eadcfac400e579cbb7d2e0bb5357431b00aded7187ea27b529afdde9bd7fb32a4f215a0818e638377a00f5238f3c53d97eb285db5d7959d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
aa2897fc7fe4ce49799a25ded449516e

SHA1
167893cdfca82395acaad5925e369a629680bfd8

SHA256
5f92618654013184aba0edc345e98ac762662f1fe5c2973a2e090cf0befd2c04

SHA512
7fcd074d13c95dd9f66bdcf43ee7919750b6f3d5ea20c39aea55cb6a599cf50601c342a134b6691b8d73fb3d16aacffda4609184dc54e8ddc06dcf7f53da57c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
5d245d52f76a4ebb4c82d013d0148f36

SHA1
8c8839b93b1d6b22f5977ae620466fac55f2be79

SHA256
d1cc5a7c195a3d1679ccbe4a053344a221f5068a00867b6b278eb2a04204d876

SHA512
67e65c9284d524f210b4df01ba13afea2ac615134d668d0a1f27159f79b1f78af7e7245197e58a78e317fe3a7eaa641b22b3c938d3539c933ecfe603d0383471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
23560b4aa31da77452155197da72c48a

SHA1
edd9b47a58e8e2dea508ae18c131342544e75346

SHA256
cae5006da284862dbbe5d08d2d042b777ef71d3637d116868edf998f5d452764

SHA512
d7e1cb13454363b81c3a15eb712764999df2edaee76dec14fa7ac1b252fa8da300a91a3115264746fb216904b50fd284243a6bf959a896e6180a8cc7a24002a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10b3bd2729081019590895834a5405f1

SHA1
2bb15255b9e5222d1f7be102964ffba615b05801

SHA256
520b06b6120f4d7fcb65d32752e9052b11deffd975126bef1e66d11876b302b2

SHA512
64df3eb96a433f6e142debdc03e637991196044d9cf59bcd2651a154e28517e62ccb2fdaecf72d030fb4bf3e20a6555a64a14ec7573e275c52fa28f43ba9c1a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d87e12518c91a6892e3819125c0b28a2

SHA1
9ed4c3dfd82618091a90468f7448146271761520

SHA256
794d809b490553fd5d161bfeb2bd71b02ab5d66c48cf22a315e9eb7f2500a9e5

SHA512
a2110c8385f64e6e7caeeb0cf9624e29eda594ff2fe5278a9a2afb0a43dcff583aa293d246b19b905fa016e71fde0968e220bc269a6b8938731c60c2abe29a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2df6c751e942cc91421a8b6840f52a33

SHA1
36a967244932286574e30d670ac0f8bb63b02b56

SHA256
14438ba48d029173e4094d1732a3ab3cc7845d21a694edbd0eb2e48be57f1bf2

SHA512
1a6010dd4f93eb4d7c1ba2ecfb2fa3398c781193c631557967d2f2c01077e14f5ddfd23ea740d55d914b0c558a811c4b5f411208fbc768b39a34cd8c2d9c2847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48f5cdfb7e7a8b9971827ea0ec16a5b9

SHA1
e27cb04688caca6e43ea80675095da7cd32a63bf

SHA256
7e8de842d6ae6e9f5ad2ba283a4de9db9144fd5c1e6917f97884b6dc7aceedc5

SHA512
cbf6be3639bacd928c14faef78ce4b0357ea6d96d503547792c08350e8721fae8ca8584f427c3e10615b8d8ee86bddc733e90c089fa6882a70e78010d3f3af1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13bc3a2f49a33610ec02573de14a3a74

SHA1
11d934f35b462617c2d096088819d37677594feb

SHA256
812a135d5a52b138d4b627358348a3143f96c24a2f6f759c591dadc77fdee72b

SHA512
972b28121fb09b2dbb8000ec46ace699de0519955cd83cb6c7f439a3ebf91d2f550f621a92dd14ea1e096a7c327d5d6858fcd5edde694aa318ac07833e6ae9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90f10c1eb0aa9b3736b81f4f814ac7ce

SHA1
211a25cdc03258e295ffbf1e42c1954112a7e86e

SHA256
f31b7966134056257dabe4fdfe11a03273379003fda33a6d9e3974d037fe2734

SHA512
81ae1fc43c39a1fb5c3ce1444092b4c4149f47bc18b2b624e3b9a168fb06b00b1f9d6c9e727a9755291747743731a120984d5e4798d2ffc63470e83da26a0a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ea4f553794f1a05a5bb8dfbd8b415c8

SHA1
8fdaa48f58f0b054cba030b556f8b9fe07970bb3

SHA256
4296bd246682c9f789d0421f32f282f501c06343e6aa8a24d607d43493af8882

SHA512
1334168ccf982ad72a9356e8c363633db29dc96b9f63ab45a61c28b7d0fdb3d7a95f326dbac5fc07973473256890811c24de1b871dfcbcc91aa7d56cac2c5d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f09db228c1c0b29c2adb8e8caf1fb98

SHA1
4b57c9f1dbc91fd38ca98ece34c2419a6c446d70

SHA256
f271ee0c41de6ebcdba916c21a44678bf1ace90817267951d6c5145f1bfadc56

SHA512
cdfc236a7165ad436d3ae5a52eaccadd5126880867817106d755814f2f512712fe90bb592edd1f8ff13242f6a7cab5786a2aea436158ec5e95655ad69ac04b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78d222df09fadb78a36544dc23c9e419

SHA1
31d8b5db3259e583f3e4e4e268231075c3df16a6

SHA256
f747007e60fa38e66843713a10fde62e66cb7551d7f0c6b9904bf6910efd43e5

SHA512
b5cb621c28ee1dcda2b81e5d09419f55ceb52e6f926b8183016cef8ca6369c0a5701b3220d429a5f2123f1ac24233a009bb7ef6fb3c175713e9cbf91c6833ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eee240e417b88562ac489f81c10dee4

SHA1
a5d03fef05cc4213cce5facbfbd213d495d47167

SHA256
dc09747829e69f38e72bf55a83b75f0ed279c3fb4340cc0db4b3d7db3337ce5c

SHA512
aab8a7fbd1e8d336100d0616d8f02f29c63dccffbe0aea1d058bad9ea544e18aae13f0faeca312ec946ca9780194b40f7ffb21c3d13371fa1c13af5bc3a9c833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
78B

MD5
ff97ea3cab76de4b0ed2d290ec9558d2

SHA1
d10bee66387dde3e80102c84038957bb7795f477

SHA256
3e058b9b302dca1e9c096cc0ac87bdec54fd047a2fb7d289578fd95961e6d420

SHA512
f70b8e3fc261e5628b97eefb7d2b82b03e3a81d2152cfea3179802af8aea161600f0d66f8bcf70e8abfa0fcc6e8114c8a04e1c26aa16d54a0c48e1c342de3667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe575a07.TMP

Filesize
142B

MD5
181c005cff919befb4af799817cf30b9

SHA1
7b317f27b9fa5df0f08e821840cf19684205b790

SHA256
975f8677a4fc8808922f78cd5c97d2ac9321b33faae681a48d9100c485dce71a

SHA512
c8193d0f0a3d8eb90407b8c05b130083e12da16e042d4d0e590150ed196b5f6c159db8d977e2d5e3af48a8165b539a470edd5ab4f7dc4f231c4d9aef2062a15b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
69cc7402e0b4ea169e71906e1596d111

SHA1
d015387ceecb2fe003d780c0f2ee0fc9634cdaaa

SHA256
7719de5b628ea54c19048a06ac55877234f868a9ce8e282f76be4d78321cf27f

SHA512
def1113a9d07b5917970b1842500c5a7132df9501c066e7d3f67097059fe9d194cf4bc020259611ff56bf1637577f6aed8540d3add000e4e0d3a761df40c6d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
133bddac08d9b06ab3bdbe1105c624df

SHA1
be070118261853c9c60871c095c18cc4a6503e18

SHA256
8bd8c56651f93f6aa99e984f5afdab9b6c8690a5f55486adb3654d1c95afa1bd

SHA512
6c1e543cbea3f3bec4be09c1526133010a7001a290fa76b1d057b379dd6f50d5ca1a2a1f551d275057949391d02060f74a7bfff7bd34cd41f2385447648c42ca

Download Submit
C:\Users\Admin\Downloads\ps2_bios by ps2-bios.com.zip.crdownload

Filesize
12.8MB

MD5
00d88b02bc3aada70498ec421092c04b

SHA1
2d83d33033e31955497e3e962493b9133e7a2c39

SHA256
e5b98f79e84d434b44fe4dab6b0e7823772d32744249a8fb9fb2288d0b354b21

SHA512
267d2ea6292cd5b0c8485861685547d99114552b6258a8dcc26fd11d64a2ca5d6fbdb11e6a416148b4b1f5ff97118f3cdf1280f46b1677aa54eb1c007e4789d6

Download Submit
C:\Users\Admin\Downloads\ps2_bios by ps2-bios.com.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit