hxxps://drive[.]google[.]com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view

Analysis

max time kernel
248s
max time network
268s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674133748590367"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe
764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe
Token: SeShutdownPrivilege	2648	chrome.exe
Token: SeCreatePagefilePrivilege	2648	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe
2648	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4180	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 228	2648	chrome.exe	81
PID 2648 wrote to memory of 228	2648	chrome.exe	81
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 2748	2648	chrome.exe	83
PID 2648 wrote to memory of 240	2648	chrome.exe	84
PID 2648 wrote to memory of 240	2648	chrome.exe	84
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85
PID 2648 wrote to memory of 2180	2648	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0db7cc40,0x7fff0db7cc4c,0x7fff0db7cc58
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5052,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5000,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5204,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4540,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5352,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5412,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5432,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=944,i,18010397222696851693,16014998756333192616,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:764

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4772

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
39ae1b415de8cd828afdb31e01ba0c55

SHA1
bdac4508282c708b9e20d2f95c4a3c0e4f2d7d3f

SHA256
832e908e528d05430db6822819276429a7479514f2568b08b35bf400ed7251cc

SHA512
3feb6e95da8174413b0b65b32650fcd61c56c3c09d7cc36e9a9a14066c8c857e367652f28be6826b56f1bcac855ef087a4ba4a3547d38a50f214a9c590411155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ec78e018348eaa2c1d975259f741cf68

SHA1
819a6d747524b7a9ef1625afc0ef32967cc12995

SHA256
101b88c56fa46cd45d2f4d4f12e5ce3ff4c38f27ed5a1d909f71a7aca8936057

SHA512
8e97771b2bdaa95c2b3363dbafb9c69e6a4f4ce40fd84bc5c1fc643b8f662f0854143708abf51a52fd8c95aa2889faff439e8a36d8bd11accd3e8c5853f0a12e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
aa8b38aee586fd2f27e9968dc60de6b9

SHA1
d60b01700646a4f7c417192c977f647767600746

SHA256
b9946209c31631b1882e209cd9a83818c092eb4d4211a1a98bad388c88705799

SHA512
ea1594c420186f41b22c51645a4844485533392f4db9310a4130fce2ba63384e09365a590a840137bcb5f4646749ac18e7aa4f17ce668e4e75e840f63360c812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
1120d42936c0af8eafe8e8a78ff8932a

SHA1
78cf000173f2cfad1676f3c07a095ff83165bb16

SHA256
bf4e929b7b4c5ba0b6e3bff45fce21f932976c9005a4dc08a2fb4265b6255bf9

SHA512
a1a3884c830cc7b5d87833cf7cd8ab8f582c641c8bd91e6fde01820e8a7d2e1e0d5c8b5150f5b4a72d96baddfc46affb01c2b1d0703f560f8b4aab5389b233de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
acfb344957b21a761dd0b164c794bf91

SHA1
a47bf27fc7ad8f3ca97bfff67864506f990e1aef

SHA256
f484af75ede30ae7320e18f4d897ce0028d4ef28ca208bf5ef0c10a6eb43f9ab

SHA512
4a32b25be26ecc018641906066ff4944abd219f7b67ff5b2dcfdbf770b64e3c240084139931452e4cef271c14911d43a1568d4e6c489513b45528f3eb12840a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
7eb9a8b39c9ad1d922901341ec8af907

SHA1
a8016afd3044c9cd95a0e67466cc1de8a87fe10f

SHA256
d97e0ead4c757223572e1aa5898f35cd8a0860771a744d0a6dcb2ca7ebf2102a

SHA512
ca5df71cea0787c511f6fb06ea28770b6fc448910d64013f8d01428d441ccbaf5220dc8bec2e804a3b6021d0103006b3bca5204637112741226251946f33452b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8dc484ad18a5823ac03d079e7d9d585b

SHA1
bbc1566ce7c8434cce8d3e61fc1a7e5023141fff

SHA256
739c42304bc53d9ff9a9228018e66b198dadcc5c8298964e46e827950249a1b4

SHA512
18dac944cea04807fa35da7ea877b5ecea1d8262083576cd46c73b77e7c941ae4e9dcf2d57fdb9319e4e2788fe4eb1d0a2f4539076d088b794a3aaed72a5950e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18c968a905886384837ac9a3a607f48b

SHA1
0bd9d17f33c6d32e83a0944ea56d1d44c4e1f395

SHA256
81d3006878361469d6ee779d0e21507f8b845a16839d15d59f3dddfd1e79c99a

SHA512
fbe2f82e89330a34d4afd78b6c81a46e75ca257a99577fefb79a7119905903f1a772a8798944a49f9e4f24bdc901e61aae7ecff4d95e26ab2eefa3c55b3c65e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b1a9f3595fedba03a592b9263b6a2ab

SHA1
691520ded0a41065f0fc4caca294d8ffb74f9b20

SHA256
1274996c1cfc73f87cebd012d2cc8e058040d968c1d9175991df6892e43f6c23

SHA512
64fcb4cdcd1b1faf700fb70a3e04e3e957240c5e8dbc301148ddeb83605871c22552fd6ef962bea3712b21ab0d3edfc2ffa548d2f80def74ccb51ff8de975693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0bbc0a0b7c12441aa6de2343ed2c5120

SHA1
8958c6492952b2c857218cdec54aa25a570609bf

SHA256
0d7ad594a19c2554e7bf1b8d4541e6d153fbe9a55dfcb026238c58b84a70fb32

SHA512
28d93cb6e17c2cca575bf9cce1b0ce2bb8c5d107946e7ff41f232b41bca98d0054a4c17f8705b568d3bf778eee4d915188402a4199b9b70e424fe09a4dc09c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e3b550b2e45829871c57666dc65243c

SHA1
fc00f7af318b3d6ef0fd6f4553cc44814be58812

SHA256
a09961320adbf9857a9bd413ac5d4509d9faf2c7dcb0a42846b09432c360fc88

SHA512
2c7cd8cfac2fb4b97cefa35c1fe296a5aff4cd155c67a5e9c1337973a1267cf9dc5064a4b3b97949e30a8fdf08fd57f1a9ceff601ae5e149493e9b47aab95122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7698e52575ced48c1351cc218f09baec

SHA1
8736f1c82cdfa9a496c0e341b153615964b6d923

SHA256
e4c4a50543541dd02a0d30bc23458f6f263439626858554e1cf2c24b1c121461

SHA512
c0c4ed184afeaf5149170dfe6ab40281c68716da1c0b09ce8bd0795d3431c8fcc1c25e6194bac34516b181f0271376e300516356bf3bcd506e6601124767421e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e5207e5d3e0192208144d9c01d1c37a

SHA1
b45f914c7379060d8b8ab41d98d7356e5897107a

SHA256
f09cfd29bbf28e506618542dd0f54cd9f4352ef302be0a2e7b4e9776c9083824

SHA512
40f268c1f9689d3f755b4a926aaeaecef709d74a43173ad4b0568d2840916f2b33eb11e75be6d1e889f818c3497cfec1587838c12d809d5ac8de071e409275e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0474b170ca17b6192b05aef23bd8f74a

SHA1
dab227c66bf97c5308db4d7e9d7e267987199a88

SHA256
cdaf8a99e16ebdaf8829f645236d456a32bf7d36364aad3cd7a20ef4c19c2558

SHA512
a0b16a190e6270fbc1d89bf3b52b56cef431b82fa9f4b290b6f9e9341fbe4db85c87eacda817d4a16cc18c14e2039bd46e6c5c1cdb0af8b14894e6253d793b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b349ad41acf8aabeae4ea23e440b196

SHA1
3c733dc559d168d8eea50d3a409b377c7f17a0ed

SHA256
52466fab53bdca698c9bb4a294efcb7d49ff9d194e6b74a563b57e09fe490675

SHA512
1a97ceb7ddf2b01c24ab17d401cfec1ad632279e13b20e81ecbcf4d981d1bdd73c8188723be93f887c818e22f1ae0b3c58d07c23a513083707fb43623797b7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4bd7e0d6695005505022975344278b9

SHA1
f19fee3a18f61edef4f7159d5a3e0cac35399787

SHA256
3bd977d9e2e03d51b2b3ce9c9dd11bf9931f6b9cee84594e35d151a5c634b47b

SHA512
f9164a19b2397b8e619a095cc8281a5f5760c3eadb0aa7f497a028e1b75f72ea7215d9e64dfdd47c90c0de8db1be3939dcddf48d2bfdece721744a897da4293e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0efda9cd5dac7c2bae87efa1747d2ca

SHA1
c9724ccfd0a5d2ae6593aa6fff0074734980e6ed

SHA256
de84fdc66ab9e263b4a668ddd1c07ffe4e677b8a22ed4b49cec2d7af4c21bd21

SHA512
0becabed5288e230f2582180110a6b0753fd92b4765af8c177a64cfa591c6fd93ed7efac97c73a4f82b44a96cf21b5bbd8f2b12a1c217462c21f4dc0b1ca2aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51f3eed32fe60838d60edc2578c90051

SHA1
8420af0ba9bc29635e88e1c54543a6cdcfc96cbd

SHA256
4b66f9e70ea3f8f2b76607c7c4775edaab7abacb1d376a5f95c8116511590c97

SHA512
f861c5c77c7f42bf9edc6c5ed5ab532c9278d79ca1ad870daf48fe7ffab18271ea3b1dd8a6e2bafcbb62c241fa26aa7bbd981cf085faaeb252b8526dfc6c2356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dba75400c539bdf1f9f82719748dcf5

SHA1
86a317a72bc301fc6fe5ee8585202bfdb44730dd

SHA256
f1e58e08aa9fabb6eed4a6da224f51296162570cddc5ab7fcf9c5d99184f7ede

SHA512
c7cde24d326edc5ad923e0de0801ac0295fd57d8f5a91f6964304e8c1f4df06e9d66a4fe7f7909c23ae89941ee3c7c50c8c095fe0ed45a3aa3d09eded02d071a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
581993718c461f6e0409e6a0cfdd4a84

SHA1
fc53a48cb4b97c64e97336bcd03e058e23fc592f

SHA256
82dfbcf6a80d4a7f4d319a70723e36260eb2ad2cf8afc3363d0fe6b07cb0a622

SHA512
39d79f07ea8068426849ac2d756dcb8c21c3988c2583191f6e0a3a9aaffa72bd9851db7e1ca993e39ef697119d4af7129b9294fc899f2d9bd8692bf66d56f7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96799813b9a04847142111363a7ba185

SHA1
d8896fdc48c5aced4549e669a912bda26ea7541f

SHA256
7ce49f30074f80fa07547145c23741f634d90eeb24944e0aecd0d43a53918687

SHA512
a19b2d7d0fce3ca30fdfc710eb5148d28f197b3a9c45cab3bfd0c8f300aaad2158ffe7b1c6b6cb691856c1fed5fd8a1861bac85db19e198d05ee1151b654efdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
007b2cb84dc0e538a75689ec0cc2a21a

SHA1
559f35aec7f4447c534a6d3381ce220d7b481140

SHA256
d685f55ffa3160b6cad0a9928e26a123aa3a9301f291a93039f6d75bb65d081d

SHA512
41f7392ba238873b617d702e194d4bc4e47396a6886bb25e54ca497a3b87ae0a50e55acfc50ad1d72673ee6203d09a06d28470068b1f79c79a4586d0f04a0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f110dd4b37ac64907f0a4ef9157b082

SHA1
2dd11aeeadc4b72c2b7ad2be00d153ff89662dc7

SHA256
a23cef3f9cea30a63ac5cd44875acc42a3eba7b190a531445f4276d3f07e1055

SHA512
129b3fea0b95723b63cd326735b3ba2a6b85827255a1b8b394d7292b156628d98f5368eff4d86d9ca307bb7f07df500e57a288e4d86bc0e795401310a0e77d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea08e3fb733908cf11d9a2d01b1d1f7a

SHA1
d7a377e52a5466b0230c61ad80b2ddda7572c417

SHA256
48b544029e3e973b56c1f3615273fe6c55f5abdbb7c0c7697fe6b93f071ac8cc

SHA512
d9936b4ccfcecb6088d0b9d77cc04402ab3a63cf4cb8c5c6a1cde5f0bd18f7fca0714d9f1f415d1df753306576830677ea25e348d750064970c33336cfc9360e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
29a96c08dc6794c44b281d43a7435ee9

SHA1
e3a155da76580f7b87637f257faeaa76b6479da8

SHA256
cd34abdb6410e781cbc32f49080e6fb1ed3d3ca2cb865cfd64699ecebd70e5f4

SHA512
126137827e40228c4ed25e2ef528bdf15b4f1e8812cffa0fe4ec41b2a6ef0548146c9432c5fb52e445101e1985c9802e0e35e0bacd1572ba221096108fac823a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
461df2a333c2929924773c4ef3d5fdfc

SHA1
41917ea55a817b71f930849b0928ddfc09af656b

SHA256
30872f5b6f8f8547eb0ea6eea9e2ffae607cca1f20cbd071d8638cc4a36dacb6

SHA512
96ccfd6506f37545228b238699b65e9e33de2d7b4fb39bdd54937a4ae020dc90f6f7d7f2a3fc1e0ea64dafd4bd1e407ebf58a1a6efd131bfb22e179daa84634f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f4c3ee4953d642bfca4e84e43fca8254

SHA1
71f76160dc4ed8b009021048f07e2b77b6d992ac

SHA256
cad28b7f1ba9b3e1e38314a990f002f06d1972d88f64b377d9d28fea736398ff

SHA512
96101fb1a14ee842d13c8b40f01beed2a3159f717826b08c567076cc8bf1b2955a23b5d2254eafe6f480008e93b911d9ab864d80c17761b2a66b574c3df899ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
dbf90479248df0d6d4db51f1b16d66a6

SHA1
a760dc01174d7b6789dbebc32e27b0863923cc9d

SHA256
7a2b5c143c2d37d1a9ab020a2f98660f238747cd9782f6e91a40ef186f865bdd

SHA512
e90a945d3c120b7c4ddce189ffdf29ab4ae1fc18b56e8d125c2aae1256af8026e39119ac84b33b3adb6e51c5ba96248184f7cb3f62c2ca8d62f87f57b43ea71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
4e524bfa0a05e92114cff59331996939

SHA1
881c414e52e707ca3e25562bc20a26a2395ba608

SHA256
4e3e8ddda37d10e0e3279a7bc778002cb6d4700f4070a378871433b400a8d72d

SHA512
17a8d06bafdf690df2748539182267313e166ca3bbd7bac211ba47155cd55fea09f5f3e102b58157223a73e409466f398be20468de943100fc065424dea13d5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
3e1f5eeae74491d8850ef2c8b03a9a3b

SHA1
0c02c9c2550107de6dd0eb740ac5668f292883c0

SHA256
66756c0edf3925de7bcb685385e2a4f0b854cffd796a9e90eb1ed064b1fb0e30

SHA512
7637f0807d88dbceeb68823a044583e2248ac1ba73c000da6560f94075635a27d15970df7e52f8315bdc2f1c45cff6f1ab7690e916b58307a533f8df24329c2a

Download Submit