netsupport | hxxp://geo[.]netsupportsoftware[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2025 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://geo.netsupportsoftware.com

Score

10^/10

netsupport discovery rat

Malware Config

Signatures

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport
Netsupport family
netsupport

Downloads MZ/PE file 1 IoCs

flow	pid	Process
88	1060	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4968	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133838574774184054"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-189444705-1272902858-1305688695-1000\{6C05D40B-B938-4D02-812C-E31DEF324CFD}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 4168	3620	chrome.exe	86
PID 3620 wrote to memory of 4168	3620	chrome.exe	86
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 2108	3620	chrome.exe	87
PID 3620 wrote to memory of 1584	3620	chrome.exe	88
PID 3620 wrote to memory of 1584	3620	chrome.exe	88
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89
PID 3620 wrote to memory of 2016	3620	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://geo.netsupportsoftware.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffee7b9cc40,0x7ffee7b9cc4c,0x7ffee7b9cc58
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4760,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3764,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4424,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5184,i,13477705420383767193,3809213247480735836,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4076

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODIyOTI1NTAtMzI3RC00Q0UyLTg1NUQtQUE0OTk4OUZEMDVCfSIgdXNlcmlkPSJ7RDFFQTg1NUMtRDM2Ri00QUIxLTlGRjItRjZBQTdDREI2QTJEfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RjVCODc1NjUtMjcyRi00NTEwLThCMkYtN0JFRUFDRTFEOUI5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5MjEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODE5ODA3NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDA1ODQ3MDQyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
34KB

MD5
49e9813b6234345794b99fbdbe561db5

SHA1
36a71083706283275827f647a689f30b84c7acce

SHA256
fe809a4f5c262bdda580e45e055b32fa907746d0b7083514cadc0d9fd9ac229c

SHA512
98a34fb2158721cd6b4254a0858042fa18ee5683b2bf5c4ab12a8957d8e9de96618876bb50d242357846dcf559f36359e4651ffbe49bb20785e5b3f15c55bf69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb165017a5d28c78_0

Filesize
221B

MD5
4c86a60938ad9e18bb10bc842c141ca6

SHA1
cec9544da4c602497cbb016e7bce82b3721b17ea

SHA256
90161533d76ce40ae604ed4845477d7bb0a0caff8cad733ba7bc5de2be6db0e8

SHA512
1cd87db472503f36d8ced02fbca7f3d397ae4247c2f9782cb4d20080066e399e4fa033a2e73eee8290cacdced6dfce8afd96f36010f44b8286d3a00299d23095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e191502e90ff2f76_0

Filesize
241B

MD5
ca52de0f7837198470b7a7ecaf4aedcd

SHA1
698d3d11f9349a39d90203849706f84d2d1602f8

SHA256
cb469d4f65c5e8fb767c0acacbac8ebb370cd357c440b5efd7b38f3f31bbd404

SHA512
546e9152bb71378c26a44333ee85c6aba4ba7647bbcc353aace9be4280ec59293aa67e8fa9b60dbab7343d4ca50123ebb02553cd55de7c1e8d928ee8dc1de30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e191502e90ff2f76_0

Filesize
281B

MD5
cab32bb35a960fbab76ad3e7dc85e0b0

SHA1
30b37736972757557bad03d7eb1b259784941ca4

SHA256
014082ffca94364bda634abf137b2ca8b643bc47abad25a626d651fa1cbcbc05

SHA512
10eb7393e07862e0f82b43f0bbb0843afea5ead18e4991824b44ccf9a8c39a1bf8abcc3823f2789cff1903b872e1ee0eb880b04e4690880c20aea5a75c5768df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87ecc524e0f9b9746747b4101c0543ca

SHA1
8bfbb3c1bb2a6c8854099fb05d8a6ac24e2ef20f

SHA256
2f2691a9e82bc63c6527b18c18c95c314fe1b546a8b813d915da69cdfa278480

SHA512
131627b9d3f6d486b5e409736f89cee4005601050be1761229192da9d3ca8f9742faec1ab6002b976d08011b7e039ddc9f9424bb5614844f9699472d41582e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
300c71f905f4503637678cab4f86d069

SHA1
de54d54e1d564e0a3e9be2cb6f30ad6f227c427d

SHA256
fa6e80e2d405895a8268829f1deba851952ba6ea39abfabecc11e7ee2265a6d7

SHA512
183ede6f5eb2397753843f7f2392702546ac6de8e557ce69ff92a349b83027364b22d5c102f49ec38605361c2e221753423d71ac961060ee12c6b2235290d726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
02d9bd8619eafa4a2f8d8f5a17504eb6

SHA1
59e643b2108a86ccd6e050103a4a9331af2ab6c7

SHA256
e8ba2d35924166ea274dc6b110c42c4b8ee7d63f12588e1eba615a3fcaa0167e

SHA512
bf48059ba1320ea405462a1b3ec675189ae49288f79a1d88a87aa26a910ed9a18db8c333486dcd7ccd9544852a826f31b54336206e4c7a218207bdda634ad40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d73ab1919043d2f8d000f054b65a7f38

SHA1
426066e8d004607961bc54db6e4f2653f45f0d0a

SHA256
1319b800ba69347a1b4868664df530caa9982ab4e05f0ad1d1765e2b2701d6eb

SHA512
650719ccd9c81a881000686a6656e916a74c404ced04952d211e9704662fd94a96f20f6eebdb3598af4472d5c31ca0e00b888cf620630df2e3fc81c71c62a63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69fe33cb9df049f0cebf84a819d16840

SHA1
79374c4551dd7bd6084558cdb2e2a767f24feee5

SHA256
39a25d7f9daf722d8fe67aba6eea4bb7cf7d8e778e0514392867ff31c301de6c

SHA512
3f667337bdd90364e3ee2954395f4c81a583e32ed93aadc012e9d0b9abeb2351e2ddfb90ffaa13e90a69ca8ccd3cbddad44263a99e8e4b55bcc4abc475ea2e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1bf1b7b7625bb21c7b1c0c6bc8c551b6

SHA1
7d347bbc8154503ee1178c34d1842d46da55f554

SHA256
3c9c5d0d8957dfbfb8bf2e989300dde8410226fa2acef86bad2701581fdd36da

SHA512
a9465534f84ad2af579c8f7089d56a825cfa0da4a2ad383f0686976861b4b6a501ea7d316109b6ff8d9505ae59eb4c7e97aad615f10a6b764bc631af15dcb28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a5ee2f4d56ffe49cc62feff911e63a6

SHA1
4ad3ce807514bbb6206f0f657a9f247e61c98517

SHA256
28e25b4057a80aa236d0da6a211c241fface073a2bfa4decfa38f01fc237d2a4

SHA512
31c4cd03b3994d02dc58013c79d6fa9f0b979ec53c97e8fd9435ee8f280a89ff80777a57c327a9f8515c98567954ed1672bdfc8625fa9b9911c6d9b6be344a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebdce3696f973ad98c0c0988ee5c433c

SHA1
bdbf247b1269832a23ba5d34dcdad38eb9e50975

SHA256
984aeba1687320abc48fb1115382cfe7d8d53868ad3d264416eee6adc218ba19

SHA512
bd353abac9337ba7a0e1c24c8de424fb332fad47ef67e09ea5a5c7352520753df3157d54e73f2efad4e8f9ee70712ceba643a9d86053e1c469fa53733b34f65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
494d62eb1d203b291e432b60955d35e7

SHA1
829393fd71b441fb69de8784d180d4e92c79a9de

SHA256
4e3f11724e55fe0a6680c444238659934f4341be4aa695bb2f67c24641df0b2a

SHA512
6bc466f8dd3b531ebbd8f59db227089e1ed5d7930a4d9437e269ab23a7f520ab8799c7a98e57cd72f858b731fb97d569459d4a9a5bcd69b9c9e68d7e0c684bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e1645141bded59f4f68613fa6557a0c

SHA1
0396c0fe86942a9c97015f73dce630a09f316313

SHA256
05547e93c418faae11679f84be80b83bd5904188d73177993d71d89751b7bd0f

SHA512
318cd41eb28902c0bc3c77bdead02c562f9ac8e0e962993bdbb5a400e64efc6eb4ec9d9098eaf89d8c5c8a22d619c5b568483e12926db8e3cfb9a25aed0b3211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49a26e8e2f94ad26cca99cfc8a8ab7d0

SHA1
0ab5912a521a742bc52d1c8095eb432db4a8ed9e

SHA256
1458428f99a7a724bd967c8dab8cafc5117e697ec3d95dd1925fea4742138c55

SHA512
3f1c1d732ebd6c8abc65995f21624886c161277e3ba1a1acb286bd0f9d8009b3cba5f8ac3357b16d238b302e8746f55c2df24f8b17968951829a16a6d1cf310c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3301c66279545ba356617e50f39aad5a

SHA1
5bccb26ab110ad01431eebbaed2303a01cd4c5ae

SHA256
f5bdccdd7b713b08e60f880947d1ebc8353f01cf306a210c497490787824796a

SHA512
93b6869bd775faf7eb9f53ca4fa8d4b007b783eb950630279b8b34d8af73bc47c10df7c8c98dbefbf241ee74e8d2747591fa2df3b60b8b1923b52217f06c4926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f3713c88ecacd58db72091c736cf751

SHA1
4521ddcdccbada5fc8576bfc2a1fc376daa67e1e

SHA256
567a813b135a64c222a1cabf8cbee7c6abe029776da0f609ae262975ac6aebd0

SHA512
d6481ebab796f967024fc1d81c6e568e32bde182738811dd9de42cba9973f87ca9da217b7b71ae32f3627fe7da641bc7b7123f48aa66be40f8e10d7a0b5345b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\e4a42af4-f3dc-4dfd-837c-13328f850479\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
88B

MD5
6fc0b4f190bf9e2d1111d2a09aab7002

SHA1
c154cc263a2dcc0434d68e7fdec5fa89b3d82e89

SHA256
67d02f48dcda1b7de912c5eb0fe756c77e0eef954adf2a71f2ed38e94d99504d

SHA512
3e782754dcdf371f00985527a0ed15a7df7dafa7d247b94bbf488632e3d6cf6463172d95b32d2f250518cc000cd8b94d30fe1746a3416e2381f8befda121ba80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
e151303b248594e94c080a5b18fb9207

SHA1
d5368486118fe1c95da7d1e67c41a02f2be4ab3c

SHA256
01fd7528196d5f973be6210eff3b92c7343e28994e42dc9eb01e05bedf44eb62

SHA512
48e279202691408569fd735957117f09d42273ee4f3a02ce5bbf5920f607b0879e9abf00529f5c5d2556d75c658938695fb182dae159e8047cb02641ad7b01e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
7f5dcd276a4614d4322a3e01256b7c3c

SHA1
4b730f244846b854e2e65033bbf14f8a49be34d2

SHA256
d94b5d74ec48a8bb94703a070393972158f8cbec9c99a8ba2812d93a10f77263

SHA512
4dbc0c3126521e16a6e39e53932f718b301ffd05608259468417be4c05d4312c6ffec9b8ab595fe95679b6ccbe6d7b7d227b338889277fd49a4512f77e8aea3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
a62819949497cfdd6446b64f12b6aed0

SHA1
621b71638830850a8d26a5c330f72970d642ae4f

SHA256
5b10ee33c141b72b469aff1596324feb6f60dfbc801a684518c2ea828096e434

SHA512
d48d074f617b25c6f1f65c60491f87b1101fa939b54e2cd5b4b93e7de0afad0d55850ce3c96d13a11127c4fb43c534a30c55af28ee49fedf9035dfd0c1d99f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
b700bc89e3b6639326008c9619f7cda3

SHA1
6b770fc05755a7934861b331f98632431b1924c0

SHA256
2923c9ab0654fb886c17d8b80b751bef7fadb77ede820fc59c7bdfb190b126e0

SHA512
834d0dfda3348c4c9199b4691fc967493a3a510af74439787ce00274b209bf97069def038e01fc2b2fbbdde79f56fca3ccd0d72fdb8df9129ddd6b00fcea7fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
4c4ca6dca9f62fb87e5a64529b3e46a4

SHA1
7324b30fc3c3d5568cf9628625b07f251c650478

SHA256
096cdfdb31cc41328bbc8c5a920455c65b4e7479d648aa7ab679882575f2d747

SHA512
f69996c433060595bce37b4891a63215fe5f81b23838d0612e848e86e5d8eeebe09f901057fdddf06df2876594b7f41d8121fbaaa81d78e4077e94b0f84bbd69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
e3fd668e7c8adf1bd1352d96f4e4afc9

SHA1
df2df02528908d0ef61d90adc95667008996e19d

SHA256
4f78e1bfcb3634e1cf1464c4d8e0fa50547d6e22c448a41f51ea013390db5c20

SHA512
79720afd612cccc5990ab4065375131b88130007fbc84acd669acc96f22d0724ab854f7f8f28317c1e02a84ac2c52250171544b38c83efcbed1d6ed976c1cacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
99a46f0478e704e2de5718e02199c297

SHA1
30cf22488d555441940101f807e0b57f29e6da75

SHA256
d4c04d8d77e8a9ed22864efa4013f158b8f9f4f93c133bd2b5c795ece90a1100

SHA512
eba97017774fb7f30163a57245d1bbc19c92750d698584b4e16d65b1c0456ee7db916bc87945c12d53115be3ca437b980a0db9f0e6b87bca3ace6484ca1630ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
c250145906815469e9f48fca3170c4a8

SHA1
cb4ac1917733369edf1e371ae3da2e2af883749d

SHA256
67954a89c5b38956823e8da39dadb0e86d73224d9347e703a5bba2bc70413305

SHA512
36d4f9463956cc817a3a0dc85fd8c39b83db337adff28582fa4cd62aa22a6c6364f3ddf05d7d3ee600569bae6181137de8d6a50da4a9374668f476d2f2e0c324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
152B

MD5
56e7010fe2507a58d625d9689da2aa19

SHA1
1601ff52eb7afe787667b61c92d41065a965a359

SHA256
bae44eb2d6b681cb55464b415374162d9dec7e0f6efa7d46c595a5860bf6bcaf

SHA512
211d724b5ac72df2a20a13760bb553620b5349ccb2bce642b87c3b1fe8c5bcad1b12c4fce3095ac31ac8c399df6adf08b8d6fd995bd0257e83a24730257079ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt.tmp

Filesize
152B

MD5
ab23e2682d0685f21e326e9449a9e536

SHA1
98551b58278c3b2daba525b4d2ab0190e18e54e6

SHA256
1d2b8c147046c537bc8b333e4330eafa2580e8e180949adacb61b458934d88dd

SHA512
fa91c70bd98ba1d187dad7b08e60d17dfb06907764efc8881443d491e73b5185e10642ed5183279a782165d8f4f2c9c0231d65ae27ec8e567081986e1cbd8ca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe581894.TMP

Filesize
152B

MD5
3bd2f92d2394f99ad56304976680a860

SHA1
5ce2fcb346eddbb6bf1bb5ca052605d8219ff76c

SHA256
c23a833f9f8d95d0e01db304792c174544f3bb94e65bb90708b18dcb0d445b70

SHA512
afc0632f61f0763875f6f6662c156e864cd2ae0ba8a16ccf93b7d99ac7041118362baf698f289d2304d80c0579032f263245737fd0b949d1f6b07ee240e3d2f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c0e6faef-d2eb-47a6-b241-f438cfd8f192.tmp

Filesize
9KB

MD5
606cd55f01cd52285a42131a7d1ecf1f

SHA1
0f6d4e398977682b6742b2cfb20f3f874e7bc0a8

SHA256
91bf0d277e3e37ef9b093ade90f0d8595edb1c8cbd59a38c87d208aaadb143f0

SHA512
8b6d577de0442afab223c0da3b4393cc89f50a5f04dbc3572d1d7468a0f3276cafc94d6747cba0aa61766744bc4a06c61a3152d2dc7dfaef7a1c9ecc23b7ace7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
5e509b0920903fc87313a2f134c9226d

SHA1
52ad19e00e80f2bfa4cb3b42395aeb083a643435

SHA256
40c230b85d2e1254fa81c89e5548a07967bbde8808228d8147b9079b49e78284

SHA512
5bc1830194cad3c598cd05fa8a8f43cb25973fb598926d52b16fddc0cb1bcacbdefac258b20cbcdff6e4ccf1d1d0b603a0d07f282ea6c4c9d3a65c5eabd597cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
5d2feaa0f41c0b519ea4fc2a54612227

SHA1
f26b15d488ed918db96e88b54952c23be17ffcfe

SHA256
54172c80f61edd18e6c1915bce6a332ccc118a04d4a23b11af23e8b3e7eb8d5d

SHA512
89569db1dbe757c459d3feb657a80fa72c559b557fd2935ef503fd706bcd67d0938ce34b6926ff3a6cc5f72669f01012f54750f0fb55c2c2057659c9ebd0f9ea

Download Submit