hxxps://cdn[.]discordapp[.]com/attachments/1229090661018636419/1230243174010851398/injector[.]exe?ex=66329c3d&is=6620273d&hm=3300408d045d17b930acae0be33c3cd3ca93bcee08af1f54a3fc483bb21a40d1&

Analysis

max time kernel
178s
max time network
134s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2024, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1229090661018636419/1230243174010851398/injector.exe?ex=66329c3d&is=6620273d&hm=3300408d045d17b930acae0be33c3cd3ca93bcee08af1f54a3fc483bb21a40d1&

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tmfDzbgZiBKkUulY\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\tmfDzbgZiBKkUulY"	VCmum.exe

Executes dropped EXE 2 IoCs

pid	Process
988	injector.exe
760	VCmum.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\VCmum.exe	injector.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578570884047602"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4041115548-3858121278-1660933110-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\injector.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
760	VCmum.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4528	MiniSearchHost.exe
988	injector.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1920	2032	chrome.exe	81
PID 2032 wrote to memory of 1920	2032	chrome.exe	81
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 2900	2032	chrome.exe	82
PID 2032 wrote to memory of 3260	2032	chrome.exe	83
PID 2032 wrote to memory of 3260	2032	chrome.exe	83
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84
PID 2032 wrote to memory of 4836	2032	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1229090661018636419/1230243174010851398/injector.exe?ex=66329c3d&is=6620273d&hm=3300408d045d17b930acae0be33c3cd3ca93bcee08af1f54a3fc483bb21a40d1&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc32baab58,0x7ffc32baab68,0x7ffc32baab78
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4608 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4632 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3864 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4752 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1644 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Users\Admin\Downloads\injector.exe
  "C:\Users\Admin\Downloads\injector.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c color 9
    3⤵
    PID:2964
- - C:\Windows\SoftwareDistribution\Download\VCmum.exe
    "C:\Windows\SoftwareDistribution\Download\VCmum.exe"
    3⤵
    - Sets service image path in registry
    - Executes dropped EXE
    - Suspicious behavior: LoadsDriver
    PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1860,i,402606848091321892,7965727697925414233,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2864

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1b29fae182e79aa8ee6c3603b23ddd8a

SHA1
b159da22e4ea0a88bc96e9ccf7146b0cd9c74eb3

SHA256
f1e7b2e00404c7f9a196886b2f852820a1922910f2dd165d8d0431bca08325e5

SHA512
2fa933a61a3081c38a5e093f516a009394caec26a3c60cb4d666a5625d193d870de2af2d35186bf525b0d3d39869b0aa72a28c1de9db50e587a4ac69adbc1fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c6d9a8ce7d1447e1876532819658b30f

SHA1
a93b0ba561407c23650f4a6c63b942b9d1722ffd

SHA256
ac1d0284ee662f7e15ee9f9133663f7afd3ed9dbce2449dd204c24522fe62493

SHA512
f24699a3878d86c14933227d83087ed85496898121339f01e206cd4d89d84ec6243823ca0d47685914becca9b6c7965418cb9a518212fa500ff28e9378226433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f035396d13ad799187958d6b866b1c92

SHA1
6c8a4652fc204daa89303c682c1e126a6fbe82e8

SHA256
1b4c11c9c9d752bb65d46d24f490e869bc662dbcb12503e3bc74cac863c3027a

SHA512
2c86438a6011eb834df35064e74c90415c0f3c16299b197fa6bf990ac8bcc010f667224b86af3f3338f5954624eeed28ecd825147630551adaa8b6060f49436d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d483508de671f938e410395bc36e1bdb

SHA1
6ada1d9a231dd725a487cbdbe2949ac2032303e0

SHA256
e6bdc0cae40e47d87a2973c2e543cbf285084e09bc8e327597633b50736ed930

SHA512
b65a96fb2c590eb02f612e9eacc86a23a6325f3327fa6ca18f9e92ff8bed8eb724ff62b12f9e83ddd139de108006f97eccccea02d92b2e84a651a3b8de6cd283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
d9cd1ad7a47601030ba99ab65d2c734b

SHA1
c71af4ba7da229d275c4cbc94a89dab484718036

SHA256
917645ea945738c3c1ab68c160fae18a6c25738281924f1d72a0794fa63983fb

SHA512
3458c54c55dd4ce39d047a8ae02fc6d2ce0e138eca8257303f26ab65d18853f82fa1149cde97265f39ad2f66ed981b8b2bb43d109ad71a9963dad4984b7140e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
98c960478e7a1d81775e8a79b848ec08

SHA1
fd9e3ee655214fed98af2e2bb62488859e622a1a

SHA256
cc85838a94218b743016b35d6e5da1931fb36e4e7e34569378bf7cb9cea7208a

SHA512
109dc258ec4a23a89a8bfca5d3cc6e9725a5ce657f06d6b7cb1bd2450b396db93c36d36b390c2de9f34e0e72cb4ea07b27341fe6e1797dc978cf45eae2348801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
849a9dee58d653e6fb5e347f423907a9

SHA1
97e86f715b290213a9057e57f6f56641f1d283b9

SHA256
1f12a8f0cf6acab98c59b13d776e21ab35cc33ac0db20b83f5cb1abc3b9191f6

SHA512
131cdea744af8a84630d4dfce6dea8c0823d71dced0f5fc553361e7262d115fe964c3661dba75510120a40cee00584301ed3d595c73b4c7c3a4a1619a7f6d824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
f8a3e5175e18bae216d90319c008483b

SHA1
0361c53cfe81c8b257fe44ae386d7fd5ba3fa7db

SHA256
1b7d5135e960fc379be8bbf468fde6e1dac1bad598edb499e5b3311aa408b330

SHA512
3f203acb44e92fc9aa86b35e89688041609142151aa27b28f7711c8d129ac86a504eb49c33cfa68c910062b7675431267ff0699c37b0f160f750f92c597f1fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586647.TMP

Filesize
87KB

MD5
cc0926649fc1ddc71f2fdb9cb2100ee8

SHA1
e3406b54916bc5bec2ae257dc1073c9664dd00c5

SHA256
ac7cf11636ae353a3c414054f47e2b415615e8b164bcc8912743d13f4a69786e

SHA512
e8dd11434443a66aab31e593ede1f375fc845481c93c7da5770504ee2a81ba49dd8f7ddd8cb1f0bbda147e63f7bc2542d22cf57a3271435a644902ef31947b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3c1892e6780d912473fd29f8e9e38f87

SHA1
6e922e54a131c34b85b92528f0433883dc37f96e

SHA256
5f254a12fc5b6e40e40628e7c8f767b09b30564ad8c507c2ae896bb14eb6ee71

SHA512
955dd779f96dffa9c37077beeb55a25b5113ae31c3969606d68097e3c5ebd3f59065cdcefadd2ec0225377c1a13f2c69cd5786be99b7f4ac130553e8c36deb05

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d03385b749f79412bd1a96c28eebdd20

SHA1
da0beef647cb6f268c76bced218c9e4367432e21

SHA256
1ee1e8f8e279f38c81a566cc3b9e93206367ca91e74f4018e3735eb9b3a58759

SHA512
d9bb49224635a7baa5702913961a0b2279e0dff3c64c8c9b3bed43c87a449808b325141298eb64efeebd8f8a4478f9ca89bf831d5239ff8325000e809a744cf7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
2f8ecfbbdfe7f399e896643943de32e3

SHA1
a377d51ff71d7862542e7e401e9dbdd5a854b555

SHA256
2c4693d84a31df1db9eaab92abd1c0e70b79f6ef96372476b38c27621ffdd2f8

SHA512
4816ce5c6a204b554372d8e391349fc8137b4fbbe316d5fd4b02ba3019e98acdd96727cdfbaf585411ad73a7202c74534fa2691c05a3358cdaa188c1fb96ec8b

Download Submit
C:\Users\Admin\Downloads\injector.exe

Filesize
507KB

MD5
15fa4864c56c1bc724f1098aba8f08fb

SHA1
faad863bfde036ac3ea9c65090fcdf8716d8147c

SHA256
3de2e86dde2444292306215c1082423e8ce8f99f5bf6e036dfb07ac32570c993

SHA512
75b5bd9273078823218cd061cd62d7cf8a8dd98d9e656007998dec0703169d738c760bc17ee51d5c89065c0b43d41e67e53cda3075d228e26d440d099b7e8465

Download Submit
C:\Users\Admin\Downloads\injector.exe:Zone.Identifier

Filesize
220B

MD5
2c35c6b9a5e9c159d04d80e85f5f63b7

SHA1
d42ac6e0cb37a5e5ea8f44738e87e383e768591e

SHA256
4f28e43e0992c529afaf493030f86427f3ac6c39acf320afe6599fae6ec36726

SHA512
011326979fa450223e5b1681af7bb2e1e9b468eb6f8c11cb20924ac2f2345d2818aa60ce0a73c9940733ecbdfc17b54f8975fe86c039a84296218b57578f5c4b

Download Submit
C:\Windows\SoftwareDistribution\Download\VCmum.exe

Filesize
100KB

MD5
9886a738e05f8a8fe04e9d0c81cc0909

SHA1
f659c6a123eb11f6f34f618265dbd54a9aa7f5e3

SHA256
abf99bd1d851c4c7015b999e81fb080e7e1147973e6a3a77c8ba7895cc8abbb6

SHA512
0d3b9e9a1a38efe1e963b929a33a8a13d4636d8056ab04fce958333db983b9fb401946c9b6990d18e9c2e2d4c2dbd2fb6aae5385e4234a5d86ef8adb98d56a21

Download Submit