5279a1e53a9ed6f680ca0de87cd44c583e398cbddbbc7fc50cebe2e921742718

Analysis

max time kernel
516s
max time network
2633s
platform
windows7_x64
resource
win7-20231215-es
resource tags

arch:x64arch:x86image:win7-20231215-eslocale:es-esos:windows7-x64systemwindows
submitted
30/12/2023, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pdfsam.exe
Size

546KB
MD5

0a4a155a136496de3f7b6752db4825d2
SHA1

c84ab8d6701b1505d78f44257ad985dae56c709e
SHA256

5279a1e53a9ed6f680ca0de87cd44c583e398cbddbbc7fc50cebe2e921742718
SHA512

69e7978567a639a3d5b73855d3c7dedcbd77dfab73df13fe2bf2635c450b9edbd6c364286de2651c30c2e03f1c2063cfe921848a2ea525f3d87e1efb5bde75da
SSDEEP

6144:Byrc4a6FvIFJR0tbZVEAdTKcvi12DLWy23P/lH8oh23qJuHdDm5xs794/Js:BYlauIfyhZVEUXvi1dyqcogr94e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2340	1488	chrome.exe	29
PID 1488 wrote to memory of 2340	1488	chrome.exe	29
PID 1488 wrote to memory of 2340	1488	chrome.exe	29
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2024	1488	chrome.exe	31
PID 1488 wrote to memory of 2772	1488	chrome.exe	32
PID 1488 wrote to memory of 2772	1488	chrome.exe	32
PID 1488 wrote to memory of 2772	1488	chrome.exe	32
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33
PID 1488 wrote to memory of 2952	1488	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\pdfsam.exe
"C:\Users\Admin\AppData\Local\Temp\pdfsam.exe"
1⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73e9758,0x7fef73e9768,0x7fef73e9778
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1592 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2768 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2516 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3348 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3232 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3296 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1964 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1536 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=724 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3892 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=732 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\pdfsam-5.2.0.msi"
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1336,i,17272177059993928990,7240257133767997302,131072 /prefetch:8
  2⤵
  PID:1668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1100

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8cc7859787e742e338e447e48f3f2ac

SHA1
cd4d1dc65e02c975e6bf9433fd038218f4b8bf4b

SHA256
5c1924668e4861092239ed724ff0a7554ae362046d2d4dc1464a52c184148be3

SHA512
85e7da8e4ea8fed2c3ef899a343be49abd56ce4974e470c0c18517dbcdc7a9b9162c49c836e1c81bfa142d268d61692fb257ed5cc87e000026f5ce8bab8f976b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3baefb7ff6e27e40b86f299bc15e5cbc

SHA1
a311fa0eb5fe657407f07589d03e1174d49e4525

SHA256
10d99ca8ad1d8177ed3626cd9ef828e2a13bee8a773d7e8edb095dee10ea9aa3

SHA512
561ccf8921b5a799f2b0c83fe59791e989aa9a454e805b966e524cb4b4e9d6fed001dc1c43e5a80826ecc21f025a32f0f5c0873cc3e3e831e7d22daf7d755326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ee6ab30-c84d-4522-b44e-b563df91db9c.tmp

Filesize
5KB

MD5
9e401c357f9b6036af88f15e95319928

SHA1
daa628db1029d26fcd88cc9ab86012541a17d3b1

SHA256
d144ce19fd96d98bb0ca23839cec04ac11876f46112d8ac6335bdc7391fdfc31

SHA512
d7a3b8697eb2f0d0ee0dcdcf098797a1b92c905484af455dc800072822e747420f9eeef24a0b8889a5a36c24c114ecdfcf5395d17e2e36c025db46dc56ad372f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
18881718efb38ba18596005831033821

SHA1
118e4b79e8d86910d89dc57990bb27e972c830ec

SHA256
8517baecdab718275afd55e60268cb51caa6dec6f3592987540c996e925039b2

SHA512
bd3c87dc5ecefcf45fadb7a354190cca100aacd4383e703257b0b8d11cc3ed1f281f0023a433bad2a3319dab63a978a15f0a57e2e9d4940859143da480e125ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ece3a6e3a0d1e8d7a235bedf089ed1e2

SHA1
e390f32b5e90de7526ada03afba357bbad5e8665

SHA256
37555d55938bbdf8f1505e55eec680b5cdb33ba267ae6fbe075eec5a3f55cf4b

SHA512
e0ae086e4a714d5abeea70ac87efee21394a1cd8a300cdb9dc7da844fcfbfc6a032901dc9e176cf5c7f001c0c87f44b8b7cef10cc0b8e87f1964b31328427eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
14a4ad0707921e8440e59492645d708e

SHA1
dc85348d33a6547131344179db1b6bfe677e1728

SHA256
66da4d47ae9eecdb0d74a8af14f02233ef4a456a33fb5b5907016dd05144f541

SHA512
7f834cb3673801dd02af6cf223403020d3c1cf3e0a141bf8a7eb67d6eb5cad5dbadf65c7ae9443a0024f69300c41a247fba2ab07c8f51aca5aaf8b2efb38e655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
681B

MD5
342c3f48feec460e554bc580116b515c

SHA1
2159cc460d4be834a53022a97cf0a479bcf18514

SHA256
347a3a08c2cd59d8344c21f1df817d5acc40990a694f2129cf5123f17b743b4a

SHA512
d61181d18dff70959b82a9cf0f3fae1295a17d12bee48af294040b30ee8876cd4d346cca4b863b64d63f29fa486d8b566a2e1d365e49bbb06f861eff6e9cf5af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
844B

MD5
88c891cec51ef3b86c774b1685395b02

SHA1
f47876a0dc37fa94dff79a636915e95e5a4a0047

SHA256
e38416ebf71448d01140aef0c4d7cc5c30080989382a49786712655cfae6d0a1

SHA512
d8430408a95d5877ef7db3423fe3e9fc4b2a2ed22cd33b5efd2b7c30fff08217c168ad56baceec952316d0b1d2161c9c0557eaafe057a4db30702c670cd184f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
a906def65b00f6ea8d55f3c0b93ba07e

SHA1
d5f74ddd83c698b4bb52a371cafd36ba65b56bbf

SHA256
a2c39721265b8a3b4dac15a4f56d27eb6fa5d9a0ef6e6685e62bf9cd7772b821

SHA512
7266784107dccff05c6102e734f9bfe8b5deca0362f64e173a84889891fdc2efcbd8d4e2e6f0ac47425f8cca2e6c120363d0515b847da37fec3d9c9b4017f7fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
18e837eefdb8dab1e65020178e7791e3

SHA1
18e444c0c96e5830c3c4f9605762787cecafc980

SHA256
20a4bc1d7d8b9fefec8e3de7941497b789429ecdab1fb28d0e4231cc65951c51

SHA512
ff266cfdf59a47d90a517816b63f398676c3c53c9a484df5c6a238920c51a4c3dcc0c30cc13e867d1b65738e36217b1d949703456cc17d9bb52ebacad4aec4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
045fb546a10855d948803bd881e9043c

SHA1
cd6a259a1c023553dd701c16b5e84c7c4ce8afcd

SHA256
a3d2955c2ed065db42a0019a7bc02b1d46d167351e85341b5296ca524c8b6526

SHA512
1c09429675634d5c163d9b0348825d273fd9e62b013abb6aec4d5571e90daf19d0b1d233283534fae08797bc663356fbc8ef3d9639f4ecfc064031b59df7c0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
190551fd6eb38736c03f945dc4053b89

SHA1
3b5e377aa6d32dac9b8298e5866b154e12b4b6f3

SHA256
eb6ceff49c620a8f66a553ec1e17ca7c297dbb62ab2d9d992e55714895d847ab

SHA512
f6d5e429883554fe73dcb264f0973a900fa215a1646cd951cc7b349e85cf02121bb46ed63fec9d5719d4bc6a28a99cfff53299af09b434eb659763caf5b90708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9e22e57b8ff0ba97ab0bd6605e0aee1c

SHA1
1c3a6b8656822d7d8c98b655358c3f87ef5732aa

SHA256
82c7f43778200d0e11ce3eb217e76ebe4dfd220cac699b2329e49d768074dd57

SHA512
517973cfcc48a96d25411d6ec6ac1b35c69f6d2ab6aa53bac67641bd731f6ae3fda89f2d95fb5d7e322dde25b775b64759ac23aa164fbbc740c8e8f3232ed236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
00206bf82bbe000b1876ba8c98f5dca1

SHA1
b59204e60200a0e852ed4714490979551260e06a

SHA256
62af1ce8ff48c6a2f375c0e92475744fded12c14d59919f15b610b3741a6f214

SHA512
b3e003a0068dcf1f7039ada1da769341ce0e3d47dffd216a3bc9594aa3f514971d7c908b671ea1e8934f729540e2f73ebe36231a71f56f1c7a0f8233c475095c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
4bd41993694f300dd9593edfb9f7419c

SHA1
eaf4a090673bb64b6dcbc3e7e6890cd737859c76

SHA256
bdf9c256b3b70124d1009e98c8292254b9804c3a22f49430543f1029f56ea033

SHA512
e887e78e89c6dc36cfe45d2914cda10453ff3f216c3470d438cb9dc2cb6b87e2b78c18fe419015b67d945b93026eb80668653e0b8085c44e197fb5a2884e7bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
c78f390bfed02b04ecb3497159878d36

SHA1
718b2ac4a2105fd2d3b5f0f622be51ed90da55f2

SHA256
042c7c07503e2f9536b65cc9cbfd2f0b9c2d9b5cab373d2af4d17132601d5c52

SHA512
3efbd752e31ff78313e8f238935740cb7522624a417027aa49bc01a533b4e514e1cc766a84532b358240e67c78957a89298c7d2fc7f3a32335561ed37f1c6886

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBDC5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC2D7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\Downloads\pdfsam-5.2.0.msi

Filesize
13.3MB

MD5
4c2721eb11582c0996f972b6c2209fbc

SHA1
c4b0aa2ba454564d2f61b62fdf083cd70a78a02f

SHA256
9274be935bc190282a5d4d5f0b6502342570c7e908ee6b8ec5c9e71c60e99719

SHA512
d7ba76f1ec8a31e30048e8abd728ee30d02b109e2240a53a14d6913832240b3cb0776431366b465fe46a4dde269b75ca36a0affa711dc4a8c48529a726ef634f

Download Submit
C:\Users\Admin\Downloads\pdfsam-5.2.0.msi

Filesize
1.6MB

MD5
c67a080dc9fdb4e48ab1348b474356c8

SHA1
addeac28417d0d4b931dc67a792b65ef5b6dffca

SHA256
de25ea6b2ba1024d692ae332648d3e89c12a669746523dd6ed29cddafc2fe70c

SHA512
bea4108ee42c9331db70b5b82d5c8f42f87a9176d8e3df851931d193615a8ae4b0420ed652a1f14843c195019e76249e566bc90e3c0b5e30177342be834abf9d

Download Submit