hxxps://drive[.]google[.]com/file/d/1CnsI9JFmRpdy_1bpScqOGT2VmgPcYdcY/preview

Analysis

max time kernel
53s
max time network
54s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2024 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1CnsI9JFmRpdy_1bpScqOGT2VmgPcYdcY/preview

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133788349721517559"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe
Token: SeShutdownPrivilege	4292	chrome.exe
Token: SeCreatePagefilePrivilege	4292	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 3048	4292	chrome.exe	77
PID 4292 wrote to memory of 3048	4292	chrome.exe	77
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 3588	4292	chrome.exe	78
PID 4292 wrote to memory of 1640	4292	chrome.exe	79
PID 4292 wrote to memory of 1640	4292	chrome.exe	79
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80
PID 4292 wrote to memory of 1840	4292	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1CnsI9JFmRpdy_1bpScqOGT2VmgPcYdcY/preview
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff79dfcc40,0x7fff79dfcc4c,0x7fff79dfcc58
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4556,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4876,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5016,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4724,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5184,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5216,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5200,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4580,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5368,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4728,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5536,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5580,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5660,i,10541810285061883721,89278535801048802,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a4decf0f2cc3cd91b46988bd819af9d3

SHA1
f3eb59b399c46e4e20ab8a43d48a3c6acdb467d2

SHA256
26500c2307c3f510f5dbc27b8d45ccfdfa1b428c4852eb4f39851f80fb03ccc3

SHA512
dcd37e7747b69ab09590363bb073881b924e7bad2b261c6cde5101a56ba1162457cda0c8c3a70883b5b21aeb1245c5776707fb0df0154e4aed7e1025c075a91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
35KB

MD5
3a0ca121ff098d64310fcc22e9fd6b73

SHA1
42c9e9ad313bc42b244df3a51124ba4b692b3460

SHA256
043afc5e7887421b89f14be6f0ab4520ad50bad2ce3a4be1fdef8ecb51141eff

SHA512
28bf0feb18622c8c970a2a66b41db65be899a5d1d1b33700bf561867d942565fc8ec2532e487793b668697ed94cc176649e17f1087e4ca29016bd976baf526d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
22KB

MD5
342cccb2a6277a17bdb482e71f2de091

SHA1
3010ceaaf837dacb5a98fcc7a3e25610ac320058

SHA256
e06b69874e3640fad41efb323d96cbf56b1908751062473d2d3ed5d0807a0734

SHA512
051e7e4e1b6f08dc8c426633adeb84f8bfefeff67d59e75c618ccb500dfb183a4e5996d1a7b4cb76f9187b64d02d48a5fb2e5ccc99cc5400dd211b113e8aa7d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_spdate.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_wdd9aaroqsgvvnb633j1hccc.find-singles-online.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
d6635dfcf45ec01405a37621ef8571f4

SHA1
55b8c88b95138cd7700186dcc3c0c9fd480f93a3

SHA256
02f0f62f69b964d9dca39f136b57f95047b54edb645ea1e182e1b1e33d5d13ae

SHA512
3bfc8881b7261a2f3b83d977d25a8d2d74b42ff941ae3daf02f852fa26cd4f17e9806133630c523c1b5b32131a76c2ad8946cd529a7487d2f401d6858df212f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
923b77768b25970dd429cbbe9d853df5

SHA1
31a7256eed46e4cd492ff9b597908172d01d1294

SHA256
10932ae1762c230efab1cabe78b063c84f56d503a3c17eade46477b474b14f08

SHA512
ceb3c5a37e3991d21fe721b238c07018d4bebbb760ba83955f50db07cc8466cbbaddb6715b4e566adc1318160d2e87dcf2c46764a5609310b407601b9b151917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dc0089058ace2f700b05908056752f32

SHA1
3372affb988bb270914b9a03891c4788a2a8b8b8

SHA256
b55655fd12c6246b6c45e38ad414bad8a7adff63c4a8164e04c5e46d4faef708

SHA512
a58625769e2ec3e8a52ef2a39eeaf8c47d117af2da9bea72ae0b0e3551568e370ffa42638850ab67b5912c7aa5a013bd9039cefe9ac23dfcd527a729737c17bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bb269e2c7468927feae07b233fb36d87

SHA1
73d6ed600575b4368e53a0ac63cd7ef96fa2bdd5

SHA256
971969a1749845ba37e8eb8786baad819f88525196e64899928fc3b4e0d678fc

SHA512
e97f69820a6fb6fd433529670dd5e34288914e392e70a30f23ec17ef434a467ed59f05663aefe49d68266eb27abb08955eee700717f6b18427d9a68ba36d089d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f7f876313e32e32938b8f28d7d50588

SHA1
3bb9582fd3b76ff7bfe4f6b8f8d1e10a795298a8

SHA256
f253eebb2407935060cae6f00d9c3e9a5fc349a6d966c51cfc6d63666d618121

SHA512
4760096ea39c7ddb20ef507243c88f977fbb657a3fdaf6f0b98f7aa18fd253ac168f3eab3f7bd65025d0ebe33314c39a302e2ea6bc2f29447433d5d8180cdc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
fe8ca8acc5f1fae3200b15cafcc4cc72

SHA1
6b7deeb5172138d62400d0bad2ab73f542170ebc

SHA256
a8cbf631f21a554e658e184b1aeb6d8740bcbccd662939b986b25566e5c14016

SHA512
f53b27d6b5c5538fcb365f3c0d102be671f13dd2fbb98f4c1220a5aea0186a631c9a7cda15c402acc8d9af98060c349225850cd1ecd43984d820a7f9b04c0b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c4f5c4ec8d585ab54073794cce768f4c

SHA1
e7a4a14714562cca4b3cf997441dcc8e28194ab3

SHA256
7a13f38c0ab73352734555f355deea266a2f0e682d90902ec14bdecdf04a3e5e

SHA512
726a20ee8f6b9a629c5a8296474ca4906015c9829c893dc46cf45d55cc62bce609ad599119f52ab010795628a810f85612f3fd815272a0ba34f846d1512ac4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fa784c31-e390-44eb-96d2-2ab9f334be44.tmp

Filesize
13KB

MD5
35d34870075557785ca359e176bead87

SHA1
bef10b66a74c5c4342427afb094ba699dccf212a

SHA256
de953706c90b6b1c353bb38220d0705669f373e910b311c4054f83c15bf6c33a

SHA512
b43b6285ae8cb765673ec17ad75e51182369f1fdbf446bc06a3ccc7b698d330026cf815452aff9ee40a33b2392142010feb56ad22ae5e09f515c5bf1a95f0b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
d10a3e416457c39744c8a4cd0d71bde7

SHA1
142e47adb06cf28275d7769c2dfe2dd44df39341

SHA256
5ebd95e3a278af94e1ac7bd9bdd50f5280b57f2030bceefd2b7e1a3e050ce412

SHA512
428dee15de71d2cacf74939fb96351640b76f26b8ff1bed9341ec0f9f9ca2003bfb14ff60469c805c298496dd65f1e4a385a911198b74eefa34882b3f56b007a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
8bd8355db2125a867329dde830d59d6d

SHA1
9f2f373add5103340906c1d145c8d05479ad4af4

SHA256
2418eb33c97905c07c7d52b59b570439ebadc25a86121d46feeebb8eb117aa97

SHA512
7e7f5acf27631521babdbe29a2b3271aa910d82ed0de7c1beb9e4a8349cdfccd80d684e17ed014aca7f7c37840520e5f846a6eb89c58817abcda40d71ddf65e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
ab0c03b0e717fc50c72bd1a418262db7

SHA1
cdac1ce0617d1a5c32d0121f820a4503ed24f7af

SHA256
00467b25105117fc03843c576e5cc3c4de30129d4f8477b071b2d713da286869

SHA512
f8bc2465891af62e93aa808ef2573e1fb0914631a644f8c558400154ca1877cee54d6c9d62e3d5d25376aab71d5c7a2aef4be28bafe8c17a0691f14c83f55e28

Download Submit