hxxps://ama[.]dfv[.]mybluehost[.]me/stjoseph/school/nashville/

Analysis

max time kernel
250s
max time network
259s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
02-02-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ama.dfv.mybluehost.me/stjoseph/school/nashville/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513765323567890"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4024 chrome.exe
4024 chrome.exe
3956 chrome.exe
3956 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4024 wrote to memory of 1532	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1532	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 2180	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 4832	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 4832	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe
PID 4024 wrote to memory of 1760	4024	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ama.dfv.mybluehost.me/stjoseph/school/nashville/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffccd779758,0x7ffccd779768,0x7ffccd779778
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:2
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:8
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:8
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:8
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:8
2⤵
PID:508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5216 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5336 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:8
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5212 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5816 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5892 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6080 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1528 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5672 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4700 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4632 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:1
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 --field-trial-handle=1804,i,16431683528379286757,12611699977826833992,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2804

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
24KB

MD5
6764278eeb33ebb3722352b04bb44dba

SHA1
326a7eb5b408c721827a0ad620e13e125ea9f8f2

SHA256
f53f95389dd1a4ae1449c2d40317ef650acf99e346a4bcd1020147fe7afa2322

SHA512
b27cecd70ad91def7de9cb20985ef41502ea7479333e47111e26d9db8b5a3380b64ebfbf3a677281fd4b17e04b5cd6be32f6ce7ab370b3f572750a3975fa52db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
21KB

MD5
3ef18aa3813f53469fcc7e7dfd44ad96

SHA1
653abbcdc532b44f2df8069dca5af048e8b3f800

SHA256
cbf3fdd34adf1da25fc609723d543168a7f101d46a855c906bc8b0b00b02ebeb

SHA512
171e85bbbf9ad4d5e50bc4d51f0437bbbbd3bc22011286bf9ce09c20f5b723ed21fe09c9eb9c520cfc55501841c1004c2bd9aa869bdeb1c11085898ff2ed94d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
193KB

MD5
7fe2c36271aa8065b034ce9efdbd2a07

SHA1
e22ee654cb122d0d62393dd8d6753d2bcad148a3

SHA256
02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34

SHA512
45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046
Filesize
26KB

MD5
f237ae2f479112e412386fb2f4668f44

SHA1
af71c99480c621ae54425ae448c7cdd732388756

SHA256
b2f3d79f0bb5590897600fe167d894e318e43542dadeb8ca7b6fcc0f1db8dff5

SHA512
3ac74b2733d1e7c922a7b68ae157b233b512b116d6fe6067ffc5c5c26f47095617467cb7e007a2d96ee9fd09815e87754bdcc2e27de4d6709ec7381efbd3f3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
Filesize
39KB

MD5
568cc44374469da42002056a8d18bd20

SHA1
ad89259931f14b9d49214fe6da6321e2bdadc89f

SHA256
c39e2249942c842924c22735588dc703bd738ea310d318c5caa4027146d5777b

SHA512
dccc69ea08f26cbef4fd61900d1b86ecede1a151957e6e48e66cea6392c7a567ffe1a96aae48fc6d17d53e570cbbc46301a1b7a155294301e3d62c1ffe06988c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048
Filesize
72KB

MD5
64ff27ea0129d9c2bfd213cf6c352d3a

SHA1
14710da015d3c654776e955ecbcd6a8e213e799e

SHA256
45bee4a85bff4bce969dcf337662ae4758e91e677289c821b51106825ddbe5d0

SHA512
f6d7e1ca509e94cbce636166052f91442b05ae602dc6973c9d388ae5e67c96df0cb2e1bafc0d73c372d64771b0c7f817090292eed267ed8039a63e8fcedf63a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3b0d542c1acb853b3b7878e492ebd6dc

SHA1
1951caab811db3a67fa5084cd4a3ba85f387bb8a

SHA256
c94d69affe7af9784fa5949513e95ce2beb055facdb3219436a874b99c22d379

SHA512
01492a299b90706c176568686edffc26c53ca331ba504d9ca58514a92fa8e3267e82301f2929335c2a948371e0d11a19650d30ecaea8f90747029d2d8937be9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
b6ebb7883b844701dcbaa8b2310a3a61

SHA1
98de2709472d98ce6b6d619731c7c6296cba6e04

SHA256
8711c6aa463c10ae6d6660ad8d5b9d467b31bdbcd2f5e134edc14e63e0d4f629

SHA512
9b8391e610418c8d521fbb74638613e64a76d84b2e32389d8e446e5db1e920883bb0717f87a665faaea125170e7ea4d70759ea25a0c141a912f11eadd530a4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
e1174cf7dd98df24e05be5bb18f10f5b

SHA1
f0b9470c9fd3138d7bb4ed33ed3ce884f4e206b6

SHA256
251dab8f0aa3a75286309b833bc420b6bff339cefbf311f1ee35e9c8661ad0be

SHA512
d51687681e4098fbe426769807bcfadbe4a1dc8648764c63601704aaa6c273277211e65a7801c5df4faffa9113762c38c5ba060d84ffdf50ded2f9a84b5b5768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7642bc591aef34e3007c23553c16d97f

SHA1
2094a6e21fe4e77bc28dd384b2cadc295079476a

SHA256
969db0781e4b44f4d92901c4bf7ef591920fdb170f1d7a8d4a94e6145b466163

SHA512
896b4a1403ba71838752ba66d1c76f743dd03212fa639c8805a2df91ff75cb66207a628e59f73da31fb81340dab126fb56220eeef2ea03e120e893713c4582ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
808a8f5f0c3eea8e3fb7faf2ba6de842

SHA1
a36de52f8ff1ba3861a60a27255de61d6e00a141

SHA256
1d358817e0e2c9150763de1c207ad74785a6cc3609e4a9cd7c51fde98a76c851

SHA512
55f9f14388d0d9212bdc169e900b88bde41ddd5ff04b78581fb3042bfd0466b9c53b96000775025c46ddbbb82212ac4a9280d3379319be35f31168450d1c89cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
878f1892b493e42e75fa467795ea527a

SHA1
c9e728b2f186d701c353e3f5bddb0edea9a62b05

SHA256
21be2d3c69323576c280f6d81cf0b1ba6337c697ad7b49e1b5be5f97c9fb3871

SHA512
4f9bccce26270d14cf338925c67242ad78af2dd911ff0995647f2d51d59f9bd4d17f5a50eb4787c0dd2fd0363051d9dbd648ce47d4103c2d082bba6884b7d50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
96efb227d5b9b5e06ee872fdb3c1f99c

SHA1
2e1410ff6a941712bca701907c970a0d123786f0

SHA256
8cb4a64d30d5887b4a4feedfc2d00a4aa2d7ad1ad1924c19a288a01ba1165d65

SHA512
e368f22b7cd4e4d8c09ca1d9115efb53998edcc30138e56d9548eb3c5d7448e9c9008410306d26990c443c5cbef4c19b3030238be554efe690f8a52321c46539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f62bd274f2297538d629bd150bc8e362

SHA1
a5c5ec787cab623d56ffe5c454ae809bd21a49fd

SHA256
56976c755f53d6683002a8e2beff03a737d5bc711862c93030c5159f4e203543

SHA512
44ce216f04ddf03723f5c538372ad29fb7dfe9ce3566876edfeee8832f979fecd16b94643da2aa646784158475883d598a1658fb73bedb502d54662c8f48c6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ef9fc5f1ecfb721493ce65a7a2eb758e

SHA1
bbefbe13b8168a7fe1b6ea6bc40e10bf06464e8a

SHA256
d8406c4ceca1d25629cc0259a9016361fd2e17d43a50bfb3e546079af6ccb85a

SHA512
e8a608367597af946e774e3a2035d4d66623555415678c5772bcad7e74385eae96f8bfbfdfb028fa85b7f5faeb1e04ccbee764b4fbc48c3a745b289e4d86b61a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
18531563b9c340159bf2abb1253c65e6

SHA1
6ee9c5c2b73c599d52281dda1b1e85d932519eed

SHA256
4cef49d5e308992fb9774c7ac810cfe9623f8624580848346a4c49871a95f4e3

SHA512
5a6eec5995ac26db6c80d30359bc36c38d397d82c4d2960706f84ee9e5bd8cff07e60734c5c63ffa26bcb0a6e23eb903a2c42c5a40ff23d7dcdb2507f682b773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
fd639ac81d72557dbd6b413d7db90289

SHA1
1b4345fb60a3418f2a96c3f8bb339f639259b58b

SHA256
62ed1e6fb3374ee993bdc830864cfad978eace5ef3f9c7ab8e0b8700d0914a40

SHA512
70d7ddf9db699794c99a98993455e7efe6bd5b4d4e1eea9f9812b036fc7b6cbd21ec42cdb93b4b380734030b7890d7315e42dc2ef04a5cb62c6fc25cad8e4e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
64c142234f223c89bf4c3fa3b03422bb

SHA1
e31562fa0e35b49f34588f031969b9ec9e07c7a9

SHA256
226f0ea2f739c370331c3243f44b4343c5874b8579b545806dd5369bbfd4361f

SHA512
4532cf0848ee9d374a3c78734c740266fb52f56c62f611b82b58c0dc5f8ab853caeaea7799c8988c279f299e654e8459b3ecf919b8a30bbb909bd8e97678f01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d68413242d8dee77fc76700e392a58ec

SHA1
a5c076195efcff95e493388f757d8e90305c0e24

SHA256
8b9d053019ff34defcc81f6a488f8f37a828447ac41c6cb8484b795c81a1b144

SHA512
c9ff43d74efc8a98df0799d85a723c62750cdbea60d22f6de345dfd70593223da344da548e676771c76faec4c118566379c1cd057f5d79850ea8211f45e0ac68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
8b7b5620a56c54e5b1e3f816d5392b23

SHA1
a164ee44c8f1938dec1295fe6de2ef0d4e4afb28

SHA256
5074cebd7728902714aa0a241cc1b7cbaec3c8a1ad8a8b70abb60f58f173ad44

SHA512
38b7d7ce951e608c11a8896fb92ae002e0d4fb5d5651534b74e735e0964330253c75dc789ded6477b237d55b88191b101891fb34e400274a082bb77343a8e975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
10b6c4f23c0dca7202fcd517cf915e79

SHA1
e0d0f9daad17dd1e6fe623f316f78b99f586da9a

SHA256
8fae13e99fd17c17d476835c12ec953c6ffbc9084c87098c0f98a3fed3cb6a13

SHA512
df5e3e1b157b42d5aaabbc91611de9d12cc3a217b9436f628567582329cf82398fa42d94df12c4f50509e3fb063d3d9540bf8b8e33429e9903afaa43441f2010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
b9eee38d9e9c6f57354f36433caaafc4

SHA1
07127707816a51c453399d1bc974d497007a3d62

SHA256
d810dfeeceffc6dbf8d510f574ef1551d5bcaf0f0b7031a0f7d9fa6093f26a32

SHA512
b2e10d7db136b56f4bbc40ffa205568c87ff26f73a7ed6e9ca44f7d715dfe6838b804d35ebee17b5fb37ecad1c409fca86d6c294eeb5f5dae165c47c9988a58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580c4f.TMP
Filesize
48B

MD5
18d45e96b8388437b3f86e0deb7ce783

SHA1
95d3fa40ecc57606c68bfc5c5c7c585d8bb2aba0

SHA256
f15a1b54bc847e7ba0350e569c3e0fea653b8005f2f1e38651b4c93df9e38893

SHA512
f747949ec586fa1ec617c39e7a32cf91a9a9bf49883e2807b0e709117d8a273dccc6dd35972a95c87ecda04bd793fe2e1114fcfae6490bbfd90b0bc536f2011c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
99661b6d4bac87c88997c07110b94230

SHA1
2fee6344715fb9c3f0628d42a4dfe6dc52d8fb8d

SHA256
74c58a374e21fb7df6278ca6cdf713faa1352041e1c43b42d6398695c88cb6a5

SHA512
05c720d00a7c54837251c3021c004a8a66581b1def9389305fa76d541e752d8cba1a64d55d93b91266888c7bf08c2a03425794c20608cb16a52174964fa401d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
8891d667cfe7a7dc9662cae83b658f76

SHA1
507c0c2ebbc64a8f1551a86402d85cd7ace26c92

SHA256
84efbb8ab6160601ab843c864cf2d00d62e273ac87fc9f361cb0603b1383fead

SHA512
7d19afa194ad5c81a2cf798c2452397bab7a1f0ae69e568820fed13422b048af80fd21f9ff4a501a6474ed8cd7c294c542f95cdf364ab09ee70f051268d892cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4024_LVEXDBKFPEUOQPUI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit