hxxps://shrt[.]asia/XkRPf5Iv

Resubmissions

30/03/2025, 15:57

250330-tea7xs11ez 10

30/03/2025, 15:54

250330-tcfdvs11ct 10

Analysis

max time kernel
152s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shrt.asia/XkRPf5Iv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878236823249816"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{D4FE9454-A420-4916-B114-8494DBCE541C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 3104	2776	chrome.exe	86
PID 2776 wrote to memory of 3104	2776	chrome.exe	86
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 3644	2776	chrome.exe	87
PID 2776 wrote to memory of 4268	2776	chrome.exe	88
PID 2776 wrote to memory of 4268	2776	chrome.exe	88
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89
PID 2776 wrote to memory of 4212	2776	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shrt.asia/XkRPf5Iv
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff5ca8dcf8,0x7fff5ca8dd04,0x7fff5ca8dd10
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1908,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1536,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3892,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4400 /prefetch:2
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5304,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5504,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5660,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3292,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5948,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6008,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=984,i,236583444086337636,7732446848409199328,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
032f8e6ca811fac64fb7cf9612814090

SHA1
6b3067d31843f75e8778df0697b1543d39078a55

SHA256
80100a9b1ca6c3b3c2d5e4bb5b3cee3daf2ab670f3c1d8b58b954014cf55e2c8

SHA512
cd2b76c9f4e0aeb0a8cab424f2a4b029959a108619e586323aaf9a8406faadcee51f53720eb7fd95f6256499150899d0c517120ae83a0434a10e4f5b59f29f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
53796610a4044848f60c9ecc9bd8b53a

SHA1
ce5b944467b8467ad6363cc2a3e04cc261a74b88

SHA256
7fa23f22e7731ccb70912eb1f1f77118f32dcbf0bf92f5263d965cf53efe89bb

SHA512
d44f76a101f1c62dc7355d49a51ee0f7efcd34ef5e2e28f5d83599e4712ce568c2cfca781debdd4905dc0faa19c4d489ac2a1cabfe485ee21985a79116624d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
50cbd4361cab11a5031c9d1db71b3a3e

SHA1
77cba4002022942df2bf1fbcf3d9b3bffa2fd3ff

SHA256
0b3dd81d765a0fb2658fdb63b607435a0a6dadc8092a84078442cbac75c3f71c

SHA512
ab30538eff1e0c7ecc65766f0b37117421cd898587da5adf2f70c53636ad5b9f5b32cec33256ac503530235c3b7a806e7d34521539cf27bee4fb5270295990fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2ed75e40be8fcfd508d200801a8ac08d

SHA1
82457903eda228f146f1e828be105cf0dfd51298

SHA256
c5b88f6f4f1c0c6d097eab08c88d7e90c85250f2ccf974b09747ac4b9811991e

SHA512
8db6ab5bbe8fc40d899fdd5a152b2c4ca9fabd01f4a4088933d0eb40e9311bd61440e1f024ff149b712870b36ad071228bb289f8efa8052f435f2e45a8c49414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
60443cfb7edc99b345d204b5ebb4084f

SHA1
221769060ef04eb3e77199ae2466bceae3482e90

SHA256
95b28593a87033360e293ea2a23c5e36012ea6c590a38e34ebbd36320e664069

SHA512
e833854a4bc2313b6baca834090d5f53720ee2ebd442bda69912557cf1ba40a661cbee2fef9e0895038ba4682e345fa6c478aa8c717f50ed53fe9e582b9d0c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e16c23825c294722261372900df206e4

SHA1
aff02aec4665847ab9f520e265ccb88503113f85

SHA256
79abefe81660f0147db69fe01ff0725602bfa5158aeca14f7b949d0f051eed90

SHA512
fb7205461a504609eb511626139f791af977349f1491200dfd24096a61b2c613393d0f1ce0d46eebb7b7d78092e64d02b3c9d7e6b8d649192e146eb7eed40892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
35a73076e913b1666abbf9e5dbc42484

SHA1
84c0605732bcd2dcb2ed411171050bb2d076dafe

SHA256
70f772ecf02c7795b4af0acbfa0cc9b1a156c9a202dd6c07116f978b05cf8df7

SHA512
c5bc88ee6e20a49ef06516ca5472a70ef0f2b9a47421373e22bca35bbee8790ae2a51289789d580ea0b95a2625d82485316f5258674e4e88e43717d58f7acd49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62c30fd98ad2bf867d380379edc77d11

SHA1
ea65d2f3ddb03456104b2dedfeaf52e57c96bcf9

SHA256
5ae952b729807daf0290f8ddd1a8ad35dfe8a343ebee5b839e7817fff721d4bb

SHA512
c964923cbcfc5c6717b96ff226f00279895d2ff501e05d749ddc29313be87bc950d7bb8a19161c6a69b048a28a6f8877e555a80e042de5c363a2824f8d9bf894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
6999f653a521aaa43550c3ca2bde0629

SHA1
8acf7bc0c5eaa303635ceec0f676c14872d7cffc

SHA256
9a377e105697f104557efc556d04f221cc45696cbd727ff09ef28addf33f6e92

SHA512
c18a3b5d9af5e4277b0c55592a7b9e4f28024f6607139188596d2f206f0169589fa9e004e8f7af147f07e312e6c7a48d3fdf01ecb8882fef474effc50984638c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
deccac1fbfa235cd706ab93dc8897a5e

SHA1
11f72e206a293a4bb89338f798bc0f1ba4e61ce1

SHA256
01f5f9f6dc945064c5196dd256d555b7fb9e37f5e300524198e0940ae5baad6c

SHA512
fc4f31e9008d133e1b5708d7befd9f8eb42e44d061109cc6b59b1a4e902d15b166e3def951748cd27cee3f94e7f56636868fd51aef6a5db36e87853e03000565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c746a754e21714e874199e17ba66658

SHA1
6230f13fd9d3608d727fe38e7dbddde35c6a479c

SHA256
d0526eaa182b405ffe78ffbae932f0ed9e741eeb93a8889613294755fcbc73f6

SHA512
b5dee15120caaac5954975c4f4bdb2f208cc4b8fff3b04487e2cf3f37f24d436401af2d211e2ac5f47cb9cdf4ff6e5c3fa70579f398ee1fcb62f15220e0cb482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a7f748a37b238bcbee90054dd931401a

SHA1
fab32fa19544aac42685777d1984a14496f31eed

SHA256
0e1fb29996483a3bfef0a016b1e557ed987f3daf462eacbe45ec1e6b7659d060

SHA512
7c74824caa24531f6a0cc2d15a6e7c83f3f2718d259bd82f5f724189f3e23c218e619d0a7ec45ad1d2fb2391c2a352a137641f10741f00bf23f9b09bcfb92896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e24c7d83ac3e23d3e01c6a47b8765e82

SHA1
dfda8a4b85517c341f9f6cdccd40180144cbdfd8

SHA256
7fefaf6496ad131e7e7e96e685b571a468121e18bf0b60442a601db92c822dce

SHA512
20c30f302540487d92d45143403d3a0467bee8eb8036f6b4bfd1ebfaa469312a0bf942a6938ef0167b0b261befb762ff17a7ecb70a1f17085e51f17fa469addc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f702.TMP

Filesize
48B

MD5
f1b89577655f932461d1e01b692ed3aa

SHA1
25720b47bc307371864319ad7633ae31d033f2b5

SHA256
9f4898271f194e85f2ff44b80ec6783b2679a2e675c779fd0cc77812bb8b4a07

SHA512
6eeedae9914ec9aab3aeaf00c139cf1cf47dd99d4b29f623898be9248839ff58f6f08608fdcc9e00929e3e0d8e9187f3c88b5c83c0cbb46e1fe97753919f8f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
e50310fbdccc75694e2bc8f2106e2ad3

SHA1
71e6d10b71ce9176fc9a8edd6f9411bf99444c7d

SHA256
9006b3d077a3a3b15ff6fddc5c4275cfb5b10f8ca94a05cda5e760478bafff82

SHA512
e370e0eb1af86301535e03e83e4ec44941875a465ba667c8962738be270a8513338b81ecebb17f04b155da29ec6df9c935cfd7ebfdcb4aca256427f45f964e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
c927cd4e0bb1f42129e8fa7a21eb33e4

SHA1
b0e3e0af9494510d9afbad48cf082b921e1a1e60

SHA256
525515bb2b9551bb61c63eb53e31699cf3a3025f4872c5d6d8fac840c74ae39c

SHA512
c258ee76ee2f3707b6f0b2ffd061edd290971797540f0bc17bfa63e7777263cd1ae7baf033d08aca6672e2d4ccd9ccbe592d050b63494d3cbabe4a4bf87d2b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
2c49b79a90a686202e2ca0a8f812239c

SHA1
3b30387a2328de17fe288c29f66fde4c4421d674

SHA256
6e617cd9ef566142c46c813db18846466f459b6d2fdaf70cfc27d4e996400be2

SHA512
9d7d3fd721fd59414ba9a499a54052374a66e8717d233a13bc01a93700f2f56306d4f707328413dfd6e72d7f47ce12adca02c8a3c6d337b0d4d69ee131bfabe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5291b27d29b782f085e901551600d9d6

SHA1
24b82cb8e430822176955ac2a584d412fae87d65

SHA256
d744cf8d63498c7472e67db395e5b95d1d3678dda3d020ed15aa53af2a4069d7

SHA512
15c878126117ae54b3da439672fb4d5be1462e683a09d296d364bf1c19a37306d228b25cbd9b84cf43469bcf724f13f64fbbd00d441b566555713d1daaf905ea

Download Submit