17dd236c9b74245dd5929def149dd8546c59cc0383bf00e22d9d3131dec61684

Analysis

max time kernel
299s
max time network
290s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2025, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

8KB
MD5

1966c37daee5a5d89986c2e9b05abfc0
SHA1

7352f0094f7339305126d20c862d480852e09f23
SHA256

b0b15f51aa5e3431935b0b11babca78b54bac359ae4d06fad663af9c9cd642af
SHA512

e6a3a3a381b44aecf39713eb81a3c9b3acd606d6525daad677840fa2f07af18533fc9fb1d60db3bd8043e27dc5381295bf69e5673c79b8e77e64f3e2a428f60c
SSDEEP

96:ozlwl0lIELlDpiIlTjKpSrFl9YlXlqHqhCUlEY3xjG8lqBlM9EilsUlyl9999rG5:ozWua4hAIx3ZgBIyOMYB+ThAkcwot+

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875539740911656"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3108	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 3632	3732	chrome.exe	80
PID 3732 wrote to memory of 3632	3732	chrome.exe	80
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 2656	3732	chrome.exe	82
PID 3732 wrote to memory of 5036	3732	chrome.exe	83
PID 3732 wrote to memory of 5036	3732	chrome.exe	83
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85
PID 3732 wrote to memory of 3988	3732	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad28fdcf8,0x7ffad28fdd04,0x7ffad28fdd10
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1244,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2228 /prefetch:11
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2344,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2316 /prefetch:13
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4164,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4188 /prefetch:9
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5088,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5100 /prefetch:14
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5136,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5112 /prefetch:14
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5340,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5412 /prefetch:14
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5476 /prefetch:14
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5440,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5332,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5316 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4548,i,16351502563645418756,957770923779155807,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4456 /prefetch:14
  2⤵
  PID:4344

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:956

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
320d6bdc2e59505290aa7f2607537edb

SHA1
4ee8d27547668efb919ebc1bb22656e6235f837d

SHA256
388242a76c13e0eca52b45e73317cef5528fb793ec034bb9fcf0e9e8bc12d6ea

SHA512
6669e3c7585a319db293f2e7debb0038c9fed2a70e09783b027c7f0b21811059586c9faa72e881625788f832c20cedfb4b56b1cd23bb7e7232f4b6fc1cccc670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
f80e30f5cab8595a64047d7c261f328b

SHA1
02e81aefa3e3f6d183c2f7652d8dec4d9d30b2da

SHA256
ef0d23531a39a5ff9349c14337f91b2853ac6564c901c2e9c2a120f097f9dbea

SHA512
0d9879a4f129dd7a44efd8494b1dd49a1a3c2f1178274c446677f62c9c42505493b3c3b52bc8ef04cb71eb731d34ca90ed653a2ce98d24b9cbc814be08dd2757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c03f72b4622dbdd8e952ebe0ff859236

SHA1
b7a91b9abea60773430f5b0884d68ceda7165bd3

SHA256
2b653d8be3f6d6f96879fe20fcee8632b0c1b1f3974514064df20b88decec63b

SHA512
7eb1978c37c43f9cc3cb80bb5cc0149c53a37825963de3322caa1ca398ecbb9f651c2265c6f48fa644fd8907279c28ba4418a734063512e38cffd212fdc59661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d7d80285ee37c1f55a453821b6e0e41e

SHA1
71cf31690e65d0415bb6b1abc3695d09eac58790

SHA256
ad0270dc1aad736cba416561ebb5f804a5f1d6c9ab8a1e09610e961d1efdc579

SHA512
fba1a8f7f0214ee2cdecea07d4e30fc80f433775263df6009f16205dc98402c2e33d3fbd257ca9700bb6d132dbc461f375f3626e4a1f07589d575420122f968a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
014fcf6cc34127d52c3cea58b426c6d4

SHA1
1d03f4bc2372904f726a37b009c6ceb7e30ea1ba

SHA256
5001b251f517e169582aac97d8be7e43e0c3cfa50a9d0182d4b5c8700a4e6ecc

SHA512
81e7f9aca0ad81ec8fa463e39a1362ed843ad4c48be27273676f5c6a53b194f56eca9d4b18b06a918d8df88c9d4abad4ae2891599e79f98474249f280d43e749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a76da4ad86167d94ad1fe511fe493fa

SHA1
0febc3c82e7baf9adc0e4eedf058b80fe88e2428

SHA256
8c65bd804ef534281b3fc1dd7d83dbaa00a49a01a421cade19ec361b80a745d6

SHA512
5ded39855a395af75315f4e5cd7d403247c5d9aac7d87a6c42898a0f940e5e65541bf4b438020e78c6eff8f57ace880fec087a3a9b16d534b2673939886f0723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5bbf68d6a51ff913c790b58d7fb8391a

SHA1
81a04607ce81e489eff708f1cfe3911f1cc37d51

SHA256
47bf9ea678682240b3254340e5c17a369fd30dbd7826e460e5eaf87745b1e705

SHA512
46a39bf1fc1fbe1e5f0c022ded7133b1d44bf2aa5d8687281b1df39bd649210931739ec7b1a3e6b6aa2a096cfa15dbbd6172579286b92b8e17a1731452dfb920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5b3387cbcbe8ce5609619dc3463693a7

SHA1
5a10c33937318790611d125e967a330199ec799e

SHA256
d468511568da8e4787799bf76019dd9c0c88e40c629ece86d8e63e4b808fc39f

SHA512
edb038b9ab8b084587ca35c466edbf02443d30f10414e57b078aff348fa57d0f9defc503b308e8aa4f3fbceddec27a1b0eff4869ef32693b1e3fb2eb41692c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ae32.TMP

Filesize
48B

MD5
09c5a845e9f84b20a85e39130f683ed8

SHA1
630dcedf1ff0c4b51ac002df8f618759d054bdea

SHA256
3e1b2620fb3ecda3dd2b38f75081f43ec231b598206cb6eeab88e9a51d71264c

SHA512
d4eeab74c1fa0b21d22b6c42eae6c7230ee7fad5fb63d49c163cd14a6216c4b7f60859da043594badd5d57940ae4e1b49209badfd50e1f999c6a32c57351a8d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c186d0145d4ad1c7f9c225ed0f87e578

SHA1
918f21f2bed7bc19936bd79d49d7c50237c5a3c6

SHA256
49b8af9e6ab9f219aa2c79d430e010bda4dd18688982614796af4cfa062c8a9c

SHA512
6ac3cf39f654238f21f3974f84afda51f6509694d2d22e06c952db7b5d1dcc425aa319954cf8f91ca2fb6bdc98f7cad5bf535d35b327252ecc79db4e90b8b399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
f9d295a11102e00cddc816d11bd97753

SHA1
10492b3cc6a953bf1155b8dd064517286455eb7a

SHA256
50561df71e84469cf83db65b45fd156405a17485170139c0ec573327d781a924

SHA512
a2526a136e78ee76b37870217457e44df963635fc7e696c632afbfd18cc8bde070a141037d4bbd270b306c264fa17954c21b79a4ac43b9825c0825acb053ec44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d9fffc208987a2faa45cba6f9ba9a2bb

SHA1
694ac8ff5a2c1bf844cc52dab0dbe24afcd6c98c

SHA256
c60e58c582c060c9e0e7a4f9def63394ba4665d22861b1598db2975c5d1e7517

SHA512
ea8bbebffb712d9aac693170bd357a8a0401b5a7cb06196439102bbac7a34e2e1caf3005c8370e2be8a0e2b3ff804d82a47202febe3edd9ad79a7ad97953fe63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
101b44c6b2c2f0ea68903d4d4fb691e9

SHA1
381442c0799433ef0dfc528df90de9ebb6e133a8

SHA256
1a460142094e9fbf81eede83ef5a825ec1c5e6e46013f4d4fc85e662e3cd1f04

SHA512
dcf6f454ec8d7a38987131807f4bfd0d6afb4ea493776da5902b3eff8ae3edd67d3036ec97663ddf0dc8b4d337cc30f78e660905829b94869c1e19a80452684f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
1dbfc15d60c8a84a92c503d69f002e6f

SHA1
90aa4deaa542004a72c27fc0977ed8de710fad00

SHA256
79393d824289ec314ca41edd8a34b91c8e895b7bc81c547453cd725f708c4db7

SHA512
5db121a85ab6c0ba3c3383c85cbccc5070e62c97a061fa644da75b64f1c298681ba61fc721df200365ec46024d51624230ff47aba758ca58208fdd6173d26231

Download Submit