hxxps://www[.]notion[.]so/1c194f407be88057ad86f2f4295a79b6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.notion.so/1c194f407be88057ad86f2f4295a79b6

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
57	4528	chrome.exe
57	4528	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873694350852786"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
6112	chrome.exe
6112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 1680	1172	chrome.exe	85
PID 1172 wrote to memory of 1680	1172	chrome.exe	85
PID 1172 wrote to memory of 4528	1172	chrome.exe	86
PID 1172 wrote to memory of 4528	1172	chrome.exe	86
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 2288	1172	chrome.exe	87
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88
PID 1172 wrote to memory of 3144	1172	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.notion.so/1c194f407be88057ad86f2f4295a79b6
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff8ce5dcf8,0x7fff8ce5dd04,0x7fff8ce5dd10
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2076,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4472 /prefetch:2
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5600,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5688,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3504,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6040,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6036,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6028,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3312,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3684,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1036,i,148720930428384997,734705017315708859,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6112

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\488e661f-130a-4548-9292-00c184b0bf89.tmp

Filesize
12KB

MD5
d730baae05fe9e90a731a1ffef317418

SHA1
0c8f51ae9dfc820898917eb1c5d5eaecbbfa1879

SHA256
d0e0441a6d561a12f7ad0c9751db3a02bf261e615d3edb5b1d4b91f5c0af754a

SHA512
5b87d9d750c12ca3b5f6431551a1697fe12ad5386fca23e018b0606823571f389b33fd42db0f36de971dcf6fc753c89756175919739b122631a685ecddc67ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9bc638894da50c48815a01bf0086236c

SHA1
1713ff91b64390f7269cb5efd066819c14d054bb

SHA256
77ee9fe8a498a6f61fdfb3fb3aa1033ddb5a012ed287d3601cb3531774831c5d

SHA512
659f333c5aa6e5a5e6220e6f1205f8b410fb1995c9e880d9a0ace5718a8f28574d64f747b83c0ba60d37dc8bb9847cee685ad5240b338f23ba10abf7296af042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
0899fc0751d6217afaad354a132eef81

SHA1
4bde416e6197f23fb2115f5880dea5d3a33c6c91

SHA256
104353646a7a8e5cea3ae6e59132289b5c5e650162974d2e97250ce555c038d6

SHA512
47560923ff84853b74364d3de221894f49cd8e9e5e5a3c076aaaa63a42ef663bed01b439bcf41a0665cafac6cf98e0c593281ea758777d1fa2e7c84fabde988c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2f1394da52e418e03550a97a45d7061b

SHA1
a3260ad69b154c7704bd803e3f8db390402b5f53

SHA256
3b53f7e33f98b7538f39ca8bbf924c3524aca86afa93726d83451c52a3c2ef9d

SHA512
9cd872305dd844dc47e41023dcb8f46da0cc71961efebe15f40bd2d5234cbd32ba474df13646c288c67942cdc7dcdcafd4b1131fc2973349884cbadb98f031ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b652f0b1b008075abc5321ee5ecef341

SHA1
20e66d96d8cca51aaad81ac5031aa246795f01e8

SHA256
de4cc858dc0543852583399cc3e46f37515dcd28cd7d5acec6099d58cfc4d560

SHA512
b9b6def75011b556d24703fd2a30610a5990d43195011c56ac644dc903de0b8a2407fb3594888d8e8e292780b3951b14514fa8d377aae8a1dd23ca5f067e5c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\000004.log

Filesize
4KB

MD5
77e846706dcbc8bc3285a0aff30d63f7

SHA1
d22a53ac9c1c944dae8e6fd54b0ebaa15535affb

SHA256
b880fd233050e128735dc9f11915a21113b7d8f1c8f20ab0fa60bc45828f4200

SHA512
2d8c64b39c0a14f5ba4008b43fdf64f5d8b14dc139a06a65cf1168d19eaa62f901d057a5921593df7a2bd44c065bddb24faff3e343818c02285f91a1b9783c7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\000005.ldb

Filesize
671B

MD5
4f4e074b0d25ac4818ace7f80a9d0616

SHA1
0a6897a286903130fcd35b2f467fb21bf8fd1d60

SHA256
18a8fc43b6c41db5d08acbd9b11a144d79d2dd5f2d493a2ffe5c01183e3bc730

SHA512
6808523b6864edf6b5acf5867f635f258f8438305e887016bf11b205396cef983d51b5beb2e73df8e5ce515d6e068d4b1dec9e94306f361d9bd48d979b1487d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\LOG

Filesize
702B

MD5
972afc269126260fdf6b386c6c8a9097

SHA1
dc448e398cc8504fad4cdc0a659d2208d6e559cd

SHA256
7c30d82a79cf288a54a1a4bade39e2ca64b690f2030eec6c37631d41d8ffbebf

SHA512
610815fcb95f2e743a9ee665d4cc45e4c146733453d5cc9ad4256f4b1a825ad918905e9f6f610c64555afb7c10ec2126a30f4fcd68ac8b6081e020c787ddadb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\MANIFEST-000001

Filesize
71B

MD5
24e34144870881044f4b90b172ba7a64

SHA1
7622850cde7b061eef08ea1a50095e610e6b453e

SHA256
234689aaca08ee47b3b2c34c79d0eaf111bc6354113f6f777420337172807350

SHA512
abef5333e3c4a7110d6593bf95346e739ee3550bc293bb679c7a2065cb8edfc0af62bba1954819b96295ace56088066565d7be3e9ae8256013bfe867c757fd45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7d35c6ba-cfa5-4e3e-8d64-e61de9a8b82a.tmp

Filesize
2KB

MD5
126f478d07f497922bd47f72144e9e17

SHA1
0f135fb54cbdc05850dd573bb5c06be7dcefc117

SHA256
0e7038ca68df5cc4f02e4c3d7aad39daf6086375828624fb434ac6b1ace3b913

SHA512
7c9569120279cd4d7458e295fea51a6b32a4c73bdcfe67e94e785d04b4f1c3a1188eb871c9f3eb9f435b130be79682c19c71e2723e264787185ce94edf8291fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
297fb9c3a1c7eefd8e4f5553a73a597f

SHA1
93d37c737f4b7579da8481256b40911cfe20e3fa

SHA256
80dbb224314618982d2cd5735559633ccc9de5157584a9862c2bfaf1d0d14fc0

SHA512
6b3f150f327f1f2c2481427d93c81107d764bdf1cc2d3d60034e7af45c3eb16d2cf4315524c910b02cc2ebe319df15605efebe2a6a0a0b8c0474a8803b6a45b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
88be29c976fbd99c0637e157423d4e4d

SHA1
15c7cfb0ca21e0e508795e692947e3e902cf667c

SHA256
cc307173d49ea21bbb916823960638b966fadf58a7658522e5e0dd0566265142

SHA512
03fa5b4ceb4b54760f2c57517437800fb098a10dd2fdca921e2a93d711686b25a6721016fc5463967c6237473183df54075c3d037ba39cb1040eba743374753a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f5611258fb1d83b28d15745c2f86061

SHA1
f4cb0e9c14bdef19c7eeefa122eca7d400cdbe7e

SHA256
34c9b748bce2563974e27cad0ea4e1fcf6775b5e7a31f2a0b916529c77cf912a

SHA512
62d723b597ffa2c1e137075992676022eaab06be26b3f9ce499658a68c91720f60950f5623e269189317d807c96bc73fcaa06cfd5c542e2b784fd58e425473ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0d85628559bca6eb8e6131554fa1ac94

SHA1
9e6b35abed98b0f5a7823153af8c7746cbd9c958

SHA256
22ba0aa6e54ddcf1e2f92ff9b51e06048d08668031c5d68bf7bcd1d5aca45b30

SHA512
c9ffdc242daa7ac8e69664150310afd32eb57b7cab7f88b9f19654a6f8c22edb5cd98d37d1ad2b55d1fc17594849391540365e4d1f5823a90fbeac3e34401be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23faad91a9955635e615e4e55bec67dd

SHA1
d427441b9809bff5206ae80e3bc4288b3da81232

SHA256
20c4339708e70c71c5e830a312834a30fc19f3c82f7c8c4f7a86bdebd919fad7

SHA512
120525cb1802c01e617fff66e2823b0c07aef305daa4585f6efa14b64c8485afee79239e987e9e6a3fdee33811d46f8b33e22eb1e1e2c4b7b94ee193dfcaf728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c746a754e21714e874199e17ba66658

SHA1
6230f13fd9d3608d727fe38e7dbddde35c6a479c

SHA256
d0526eaa182b405ffe78ffbae932f0ed9e741eeb93a8889613294755fcbc73f6

SHA512
b5dee15120caaac5954975c4f4bdb2f208cc4b8fff3b04487e2cf3f37f24d436401af2d211e2ac5f47cb9cdf4ff6e5c3fa70579f398ee1fcb62f15220e0cb482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
88cfff7969a75c2e0dd9e58cafcf00ec

SHA1
e7684b4c5d03d3f3ba121a2dcf968daf23fd7fd0

SHA256
38c5f7b42c3581505907cc3dbaa2c587d02b92d874e9eaf5b09f403b79c53c56

SHA512
8543461995eb6f920acc1ace78f9799bb071b76fb228ed96d0815a6eba3f73e63f156eb4c6663df77bdb17921b020ad827788b88f8d1476de281871d712fb674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5834c7.TMP

Filesize
48B

MD5
eea12aa5e3e5fdf39a57cac2c7a97c94

SHA1
e1b065b019f977f24abaaf4804f89440108cb933

SHA256
a67f14a0c66eda614ff3f09c6660abc6335b4c06ff2cf8527c3211177c7fa88d

SHA512
f02c48815c1d4ede515eced0b142ab1e21d887acbefc277cfc38b06e1ccd3102df5aade94e21cbb5a3b4295396e2d7608bc956afe248d57c076d319f0d82b093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
4KB

MD5
f782635b8e2c32ab52f4a6fc4478bdf7

SHA1
d3073a67c71558ab38aaaf994840a50ce5c3d9ac

SHA256
7c6c0365cc8cf7d6e5e6155fb80465628b99efe541c896684ad3af2b703695e5

SHA512
fa639d63b1587e750f7d5d3d3f7cb6a49038ea70909b44f396fd84bbaf4b3c8ebf556a57e98254198ca1642006c3452b51935569dfabd7c8b7e1105e3ec23d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
9e97ec63ac055654f3ce74a71c8f1e6a

SHA1
c4a09a749a6a0d9ce1c55612c365c87e1bc7b9e7

SHA256
3018080eaa15c2bb26cfbfef051a2e0bffe507dd826e3b467020cff111bf6183

SHA512
a532eace8190979f8098d2b5a83070ea73e76bb48981aa5b99fd0b29557968fa5f09516be1ed63026c67b787c8077fd0260e544bdbebc4f7a575f47228e19b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5a3598796bf8ae63c39684c86b86b9a0

SHA1
1ce79b265736e0e693b4a479a5d9937bd2f5c445

SHA256
d51daef31cdf117045dbb130e5b1c25d686673dccd49c44e2dd4c0f31ea72524

SHA512
df05c9655157d9eb9fcaa7bf1588ffffd049920334d580c023571dc55c7d84b68796fdc1bdaaf16872bb95727d996d37c745a7df7a394f673410956945864b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
51a51e8f90fb25a943a6ccbca17b70be

SHA1
1b3e40225afc26e2158a9734fdfc0c39750cc08e

SHA256
f782e004c89c89f6c961e104547a7373bd869207b6d700107d2e823bb48456aa

SHA512
021aaddfeea1c52283adba8c4720ec60e74f3bb322ab00c9e4f6c3b2780127858514054825913c3977f8aadc5ced63a694af2578c91e151610c30c1ec5daf82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5137589763523162e033ef470a2c7df9

SHA1
edddeafbdb6584726e401d98d5cd33f06176d5ee

SHA256
16a17ddf8ecccffe60b2cdbb2d6e486e9ca5ddecd107fa896e53a0ebbb5ae758

SHA512
1550e2a2465fa749c468608bd2d44f9cf37dd136a9db8da3b6f2af222633c9ac2af7a2ef9e10ac0e117bbc724ae39dab539a3497918c330ff8ccdd886b54e322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
988d1487875728898b8f7ac5121a64ec

SHA1
4b669a2da434af6cfcd50ef742b1a39a05d634c9

SHA256
57b5a46fb722d74cc5a9c627f229167144a55c63b59d6516bee47378f4fdc90b

SHA512
b10bbb8ea02e528ea71996228e9b08758febdcf25e8d6606f8952d72b95853801fe6c397ab1fc703f2773d74c9d759365373abecedd67e6cea1e88006f67984a

Download Submit