hxxps://github[.]com/hooder799/virus-test-idfk/releases/tag/virus

Analysis

max time kernel
900s
max time network
1163s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/hooder799/virus-test-idfk/releases/tag/virus

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Delays execution with timeout.exe 4 IoCs

evasion

pid	Process
2824	timeout.exe
4404	timeout.exe
1088	timeout.exe
868	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764949843841972"	chrome.exe

Modifies registry class 23 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\Registry\User\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\NotificationData	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\doyouloveme.bat:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4668	3696	chrome.exe	79
PID 3696 wrote to memory of 4668	3696	chrome.exe	79
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 2504	3696	chrome.exe	80
PID 3696 wrote to memory of 3880	3696	chrome.exe	81
PID 3696 wrote to memory of 3880	3696	chrome.exe	81
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82
PID 3696 wrote to memory of 3308	3696	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/hooder799/virus-test-idfk/releases/tag/virus
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff45a1cc40,0x7fff45a1cc4c,0x7fff45a1cc58
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1616,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3032,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4084 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\doyouloveme.bat" "
  2⤵
  PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 2
    3⤵
    - Delays execution with timeout.exe
    PID:2824
- - C:\Windows\system32\timeout.exe
    timeout /t 2
    3⤵
    - Delays execution with timeout.exe
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout /t 2
    3⤵
    - Delays execution with timeout.exe
    PID:1088
- - C:\Windows\system32\timeout.exe
    timeout /t 5
    3⤵
    - Delays execution with timeout.exe
    PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=740,i,15133966094300015235,12472243078935902848,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4928

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
642c9af4fe8ccc05ba73fca0bc9007fa

SHA1
c3f851a3e794645fc0235188293ea6e73898f72c

SHA256
8bfed9fb1e957d4c6e48f816cd35e037036d82692d4f2575d153268e6ad2ee19

SHA512
03aa65e42bc77c67744af6b58bf218f2d4b3ee69eb3f04656ffe23d0b352694250693973fc80f414c83ba0d1974678c8849f82eb310e60c4467447716fcda9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d928aebb39f174466691c2a3d0b3617e

SHA1
d60cc57a6bc2737d8300a8923676b263b705a132

SHA256
1bba6906ffbfd39a2cc5f38f6d05dd6b9f55df17d9f3ce3ba91174abe2d5b7e4

SHA512
81140ab536a80d23fe257537d12c1ebf2a095cd1ebd45199126311c802e5992d70784fe4b3f1f24c4f53058da060389afbf5a1885eeec22db96f4e775eb4a649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
eabd0295ea3250b6fa91cc7de66b6bc5

SHA1
2ae111d22749e21c98997aad7b841d1536bdce92

SHA256
c9c966a2250c869b6993100c5f120404d4546987f7863ee5cc36f72469b356cd

SHA512
35c5c92be52649a5d6f3a6510ef2bbc7e83f0f70df444c5640e77c123adbef1ad48f1b9223f7b32517446296de3d047b714eb9b13c874eb404a098aecadc79fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a887380881b8aaa7fdf1fb9c1a7e7e62

SHA1
a9b8670c1600ef6d4763d39f36d7370dc3848ac8

SHA256
0203bf223a7e57e306226e06896fbfad3bd07db8f70362861cadd817927d3f34

SHA512
2d04806ca3949cbe895759826527ef47b31b0b0dcb6fde7ad7da15ca65796e77f4743b5520d419fc8bf4c094f79b3a08cb7c2638ad991ea647c3289dabb9e79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
16b71587888d2910cedf03232b07bbb8

SHA1
e61a2a09a12463d646c8bc882104acc393a171d6

SHA256
128d6815a152f786b87cdc6a779a54bb18222006a516540a1e6ea3d39b3b1f02

SHA512
d3f846c525fa86e0a742b1eeaa1af9c75849e63ab419b48a69b278b329a4ba125cd2c7a2a68def1f56a1849b7dd61b124ec502984a9d9cddd7342c77d7f21d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06a44c63127c3b01494e163215c582fa

SHA1
5de35163fac139438b92382ad812e67262b415fb

SHA256
2a796c3dafc3338bbbc34f53da7bcba76eb255769821616a6cb5ff82a3aec733

SHA512
1d3bd3d8fe4ee9e1779b9a086edf1b4f634868b0b86edf0927c80ce543319da451aaea2f8ba4628a28350bdefc805085f05f2d0c05238675df738e2585235025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e1c15504e915d3aaaf51d0f04377a93

SHA1
ba74d9366d5d9d0db67a0ae622fd65a354058794

SHA256
cb7bf7262a571f71919920996e438f4b22bbcd94f27d449c68f3c4b90e956bfe

SHA512
846676c7517c51e4b8f3ff8134857d4c1323b953470a40c45369b58fc41acb9523c2ab071eed20b7f6c4cea0855ca733aab72b1e78e90ade433dbff161611395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89477eacbf107147b40916de210b2a28

SHA1
b0143dd8f25853cd3fda94f72e3965b1092e7a6b

SHA256
0c1a5380fb87c79e84e2f90739832b133e3abfbbcc7d9c9fa2cd90ce3e65b33e

SHA512
7e01bb149e895a7e875aeca67cd2cc1f60f7f0340e0113be21abc0541433741c55d97e787b5a4449658a8dd57112b82f64cff5c48a7080ecf6601aadee011f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81adb57fbb17fabb13390cf1d8a6dd51

SHA1
a1082de24100d52adaba1566b644857dad4ce4ee

SHA256
cf1d0a8a329b24e094d495cdcdb64a0920d14ecbd433acd6567b468b5039c60a

SHA512
d8deb0546e862d51bcd39c924813ca8b97694b9866ac825686e5c524171d1dcecbfaa8f4731628b42096d64cad691b603543fa406ffe5ea5c35673c8b01c7886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a37e66d567b59cc08d0144cd7a58ce9

SHA1
d17b0ac9cf95a3f14575d6a86f9584f37ecfb7da

SHA256
41eff9100f0f485598a3c41306facdf9b379d05d2be4ed65e079a484ec02484a

SHA512
80947a053ded932c0ca184b6e9373e07267a03843c35a8bf3794e9c4e08b0fbfa7f4e08c63838137180a5dd07cfc3afc4ebdbfbb00ada988fa3e89e19e22c268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25f3d1d19f1f69f70be36618bf283283

SHA1
bce96832cd874eb5e54fb89f5eba4b062604c7eb

SHA256
07808512e9eb55e276460348266f9054d5d9d045db6c5900dffaee18877c33cc

SHA512
88eed8f6809e247a29935de9c3ec3b202aa251ab9b5420931d58b2214e0bdece99932780234b705ade597b7ae6bcc18c0ce49da63059829efa0f815af9e3c715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afa53de5b54f8802cc732cb60e214b9c

SHA1
24c949fb53b16907aa88ef27ec99d2c2d45f3cc4

SHA256
abc3ead3e3aff2a75735084fb29f57b04e13b9e747a8a3a2c09529bfaf477ea9

SHA512
7a56d87f577cf0151f85aaed9de7e96df83f5b0f8e2043018b38c61cf09d733e4c177af4666edc89da242019052d38505bfa712f91cc59bad6f3453074ea354f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
cb361cd9a42c965f0286a0e81e382d1f

SHA1
245945a552b76274e96d698a851d1595c0f64a47

SHA256
85e5d6088a66758ba630ced7c680d6492d6b3189269e093f1a298915d3bf84fa

SHA512
0ae4d1f30e9b750278b02f4b9936420dde37bef6d7be3318b31224cf412d322e140e3b52d53795c2c059821b714f38cc8ec74d4f0f9b0df4b22a07dd6548dff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
60de8bc3adfedaf4e122199f22a981c9

SHA1
00ff4fc6320a618486ed75bdee52119f14fdf44f

SHA256
5f8d3300ef7910820b931cb65ef0b51fceb9f353ef99319be4ccd6ec6c4cd7c8

SHA512
78ad5fb15db1586670e67b0c40ea02b6d7fd260c5fb3a76fa6008e6866ee70239cc8980fc894b9555512000ee125746aa2ae9092c903f1be36521b6b722ebbfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9f237829e67e420dd9f2c136c0625304

SHA1
354bda330f1c17d33856b7da64c3947de773f39e

SHA256
425138caeb4932545b6ef09ef6d023ee7c2d4ee4d559fd34ae4c88b3318a4328

SHA512
84d162b5240904744a8b914e4c6ec7f60e9c7a70822ab5610fe13fe07dafb9a7b668de2a31dfea45332a260d0c882b3dc8084c04e31a63933d740d0ffa9886ad

Download Submit
C:\Users\Admin\Downloads\doyouloveme.bat

Filesize
1KB

MD5
e7637faa264f62741ef254811e0ee1c1

SHA1
e5d9ae3dfc42a3b453ad592fd58db5471feac034

SHA256
a4e3fc9e1e1f9eca4ed9933449656b584da9b33311dd420c7507e3eee7c83ebe

SHA512
a9f7d480a0c12ac103b952ce1920fbd93528d9948062dc8fd7aa452c7b13f52fc91c0ee5fdfaa3979bee9b842b675de0c90f627d73ca724abafc9ecaa0186c1e

Download Submit
C:\Users\Admin\Downloads\doyouloveme.bat:Zone.Identifier

Filesize
625B

MD5
55fe22560491788a4d5072ca488a6d57

SHA1
f454566c975b5d410d80ff1fe9567642f0a90fbc

SHA256
decec6e0ffc01b3137c8b80c0cba29b304867923ec51205384987667a6e3698d

SHA512
849a2a8b4c7e8efffd146f6f0cca63f96c55bd1545ff6207ef3796945c157e83f68f85e34721b18f5eda305d8e5c752317b3d3a0fa3e1a127045347793712176

Download Submit