hxxp://lomando[.]com

Analysis

max time kernel
114s
max time network
987s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/05/2023, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lomando.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: 33	3016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3016	AUDIODG.EXE
Token: 33	3016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3016	AUDIODG.EXE
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1304	2028	chrome.exe	28
PID 2028 wrote to memory of 1304	2028	chrome.exe	28
PID 2028 wrote to memory of 1304	2028	chrome.exe	28
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1052	2028	chrome.exe	30
PID 2028 wrote to memory of 1672	2028	chrome.exe	31
PID 2028 wrote to memory of 1672	2028	chrome.exe	31
PID 2028 wrote to memory of 1672	2028	chrome.exe	31
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32
PID 2028 wrote to memory of 1432	2028	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://lomando.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7149758,0x7fef7149768,0x7fef7149778
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3700 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1448 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3952 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4116 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4232 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4504 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4896 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1480 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3988 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4348 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4196 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4192 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=688 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5004 --field-trial-handle=1228,i,5955790083718288511,13475021263147487053,131072 /prefetch:1
  2⤵
  PID:920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
26KB

MD5
8aa708f5eebf10bd82e942dabf1623a5

SHA1
326a6d469222302a80ecf29039e7837d8870ee47

SHA256
fcfdc2930fdd7f4b3c7f0c1308ce2e89fcc5082ae6a0a1e16ecf0f7e417f1368

SHA512
4ff34b651cff1ed2adf948606afefc9cc87b8843dcd9d58b5896e396f590747efbd18c6c21b029b0e45b443b4df569fee25dda6312c31e804d772c649d1a4407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
102KB

MD5
58f06e7d628e7e207cad8e48c9cc76be

SHA1
9042f057d52be00c9535ce93b0ce4c03707e0c41

SHA256
ea6c34f2e7acfea93ba722fe283f2704392dc518c9a0d1eeca0ba03a0b63d789

SHA512
10783e602f3c3e31d34ff74c891bdbccf999d5a63005d4123bc3f63c4d8a806b4a36fa892c510e08683915f9bdb39dfe199cff9b515d3addd97b2510279043c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
52KB

MD5
d7910abb123d548163aec235aae83684

SHA1
3278b1bfe3374833e030af407300ca5bb2764493

SHA256
9e3ffdc257c7ef440403116950c2c3a78199f9c3f6498f8e0770899dac7e68b4

SHA512
02fd70fc48e18f27d07172c1fbf17b3d22611d961dbfa58689c8c5be40246fe169d7ea1c1477323d7a6bfc57fc269cacd55f69e9d947b2b2ec2c127ba441f06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

Filesize
391KB

MD5
0bc703ceaf3c51085237774fc6092750

SHA1
f6b630ccbaca13476b89ce9c58afb4d51239370b

SHA256
57a815bf0fdaae0666bdc954e81a13f4c86eb3088733601c1008abb13b5b1111

SHA512
71d85a4343247cb61132f633c8277412d474c70fd6c39872dc3eff708e654339c3b0e44b0f50ada4c843fe9134e90f492c35f9ae170e940ef0bb49c40305c66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
36KB

MD5
d758b057921d2adf722ef094db13bc2a

SHA1
cbb29659efe5633166c0a42ad6175a39ace5fdf2

SHA256
83617a4d9b6c1944ace0b5d87dd8b72ae01edfcbd5b414c8b641e33973f2027d

SHA512
d546fca62f1ecc7680f0b46f6239c12ced70863f12d24e21e020e5d1c3a754b581c447d5db43fa754c91410937798cc9ac0c49ba2f926b533c1d41aa441b8e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9097854a464c7a95_0

Filesize
3KB

MD5
3c76303876b01441a6b27338faae2099

SHA1
9b530d4979943b08968217abb36f2c8ffc46d5e7

SHA256
20503b2b9f1e67cafce77897bfb3a26c55657cf15562bc914c6a4aa1283ebc4f

SHA512
42af5e8520216938c36d0651181031193deb10d2ebbe718ca304895cac86840e9a6576caaa9b3c9619de210ecaf17c278582e70db12e86d65bc7964fd48e35af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
434560767099ee9eaccaaa4ddf7171c5

SHA1
a8dbd129dfb58783ad3b2fc45dca51ff2178587e

SHA256
f75bc7a0e9f87b3da8ebf8cc738350a26ed413eaa82b2acb899fee1b4533eacb

SHA512
ff45baa5051d49d1165a0f0a5eb34a9561c7fad7128b3205e702c8313079f72e1a261bf27feb7e1fdd53f6b90e56d5e67868eb6bf9d05a206eebfbd0323d7ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c87e86d1b232016c503203efc4e7cf80

SHA1
6445a36ce5f44b54cce159935a031d07e2851942

SHA256
f8a0783b6dbdafd648a7fe0335c600a9d116b9fa3487a4d3d4f68147bd9e0647

SHA512
f7e966e8620187275a1b915dd519f992ae998966be1ebf89d4f7f7b76d75c4b4c07fe403e40387d46e26155ce3f405146b82c9ee2f3e55f23db54fd880ac645c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
3dafe995fee9ca5219d45980b44e75d9

SHA1
4f387b54d00ef3177fe8e04ed96a7a35478afb77

SHA256
8cf92e17787a7cd87af9acbdf42f0b73651bcff1efad816d15ca526ebff00917

SHA512
b965d3d5096052d74935110b1f6bbf0c5539e5581198d77536b5906c8d207fefbdb60c7f282851c222f058c88d602c561c2a7b503d4a0823bfbb39dc1b9fad1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6f1b9d.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
104b9443ac3c63b27103c35334750558

SHA1
e236ca5545e4a01373e2d80be7caf5215b8d29ca

SHA256
55cda3c066e4b73c95a7fcd9798efa1046f44b9897c5c90b715a70adf3d7e656

SHA512
b480f7e923cea6bb3f5821bd0a8a0c43f9ea95e0d5813d945d1271a5aa8bc5d7755ba3d0554eda8bfd1dc66ea02238223ccee67faec3e6ccea62c3dae8841c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3ea23e665f93d34cb1c25974244bb214

SHA1
976a2a0224de39436c25268cfa390d96ec7c2bfa

SHA256
65c9f6d9db99d2d236264025b0ba74acd5961aedfc401fd5dd64f019e08cb9cd

SHA512
53f7d290515ba887c9359f7b9d41953b632bb1fee49f1545f61f0f23760e55be4e4050c83b87547d759e176ee70d9aedcebe109e3b50c33ef7d5f8c649787da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
85cdbada464b12cb71b02ceaad5eac83

SHA1
796dd6751540153a3e99c694d685421bfa6644e0

SHA256
edbbd1d4ccf453e995dde39bc4a719c5117ed1741a1ef39ea0b552e187b53af7

SHA512
11fa5346e8bb692fad94089187c6eeaf5496a8ead09e63c5d2e74fccacc2b78a0a5e7034a056a3e2ba07fbe4c16020c90d432d2794feac5969028771f14cce9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
20ccecd200e7e402c908d0a0f1e97d29

SHA1
16f8f939c8b0f94d71865763183319c0d04bb858

SHA256
4f628fbeb6ead348990e53c6414127d7e207d8840190840951c3bd2d918a2d05

SHA512
ca3307b9eb2811c112c481ab9a8235ae511804f17fc949f960bf71ab651402fa34d7a8a96e593f97eb38b37a407c1f685f44ea3b8f61e9944ad243ede57a12b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
542865ae03a29cd478b7ec232097a413

SHA1
df058e1788180a93e4b6312c199be19d7aceabb9

SHA256
07d3c380ec8c9f44547eac4d1f679f8d8431c6228e4ed59d1073c8f7622b1d9d

SHA512
a07f5550c61f989bccded8f2c8d5f7d7027ebe41920dfbfcb68bb4e268018feaf28c3a7a8d9511ab68977786aa53813e88d1019102eff061e53c507a645c11fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
61b86f16dbbf9842bef01cade5b5aa85

SHA1
3b4edba287e8f76361229a2f99c0998388ebc32a

SHA256
505c6a24b866fdac4656c9ecbbe7ac145e4c253622d9183ab0e5740fd25763df

SHA512
89a35d94c1e13ef4e8f798ff46626eedddfec4655bf1044dc4207a050e925430e6235a0c67fda22771c25e6044944fc128a5b53e00ac5d34b2eed585fff4e957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
55c0f0e907e02988ef0f0899a9efbecb

SHA1
a6df4c7f48c05e3a64dfb0f25efdb9e0d65cc244

SHA256
a9f3da745d755e8c338b80399362061618e2a1a647eb4e8fe2033674cb3bf87a

SHA512
f362a72246e1c6de7614ea3b8ea56ca1c0b48707127f1b6fbeb6b6e1ff7ac056c536a226dba5961d25cd1e982c36476962c77c13cfe16005cc647142cc3a4bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ec2c0d13c5eae570ecb22f3a4500e8c5

SHA1
92a35f903e1a03ba0422bba5d7cb3f988be42ce7

SHA256
7df4b82fe1e615c0319d2513891d196df9acd0d0531729d2f9871103f47d97f0

SHA512
2a9df298475a59a2b845e188358df5eb9818434d579bc29571c9172bf6fc11b096f8c2e0f7f4d679be9793ea3a4230d1b0b772e78bd08adfe9eb9af501cf7ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
82563e79667efa9021b4c54c8f59dd9d

SHA1
1d416120ab04b178b292e1b674bd14d169aca3d7

SHA256
4dd07aaa3617285a745869c10069073902b0ad8388bd463d5d9f083ace49e70a

SHA512
685e38019e1ac02f8c57ef068f4255a9061df67ecfe1dcb677fd0db726abe1394eb2a57b2b16ee738ecb18cbefa10339d3c6ae40a4ef792941a66f1fcbb1142a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3321dc0ece655bff8fe0e4dcfafd2208

SHA1
4c775127cc1f5fe3749327f62dca74e603ab4536

SHA256
4633dde776d81f25668692f5bb66e193305ece85ab83e4d8f4fc798dd4575dc3

SHA512
c808923c4b75ed1459280d596b955e00684961cba9589991363fda30245501bd19d61c7fbd8d9392d16703b92e042c8f0222dab4c9b05ad30ccb3d2575947400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
207220bc6107ff82ac731f5245d2adb7

SHA1
1cd4b0b8d389713b795b4e194d563611c13bda02

SHA256
fac433e665dc28bcb4451df9deb4775bda1ef0d311d1651a18a2544b0977d449

SHA512
cc2683f881af420d743f9214eb20b0cf027760d4c0f4e54e62e75acd7b7167cc6f1d4374416e884f1f78c12581166b3a26df0bc4f6db1829925566fcf2d6f1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
642393c1ee43967dcaa59ab42afc7c26

SHA1
030540976bd8afc4b85f8b35878b40e599fb1c2f

SHA256
04e8f7d04b5a8a5f698ee4a2361996bddb0094b895921a5300cbbb87207e219c

SHA512
bed1a622cdfd50af25806d2894dcde57ef7fbf4d0d75997a3e1770fe44c7de9ab1c4545e766e2e70f456e1c5b8f20a5fe66962f74365a05a9bf04048a5528b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1c8f2494a2ef9f516a5acbd8ed2be519

SHA1
c5e493537d1a4a18c3f179a2ee5b7d7f56612182

SHA256
8aee76324cd28f2824cad07c08d88a2f2159ccf73af920b4f241bd9e516f7855

SHA512
cc7f0cf789568df048ab0a2fc590372203c639ed08a28ac3c39fadc305f1667975745eeeb59a0ce9e3646a6ad476ad185c43e2052224caa525e68487b009965f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f92d88ef774f93747ae8080ac6ed6667

SHA1
70fedb1642157451d895092781f758a4147cb09f

SHA256
d0ab619c9f3e75e3af2269e02fc15f28ded6775e12c4a0a8085c463e3ea20900

SHA512
e6287c49d5f531eb8f249c827daa853ab0a72f0ce245ee56ee09cac9b2ac01370fc36b924deb2ca503e95c9c6257434ac919c9b3527ae43a77725718a8de5a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit