a0f619f6cb6022a661a0c699f43b2fda035f460220b6440a6b460ce64cbcb395

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 03:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ProjectMugetsuAutoMeditate-1.2.1/main.py
Size

3KB
MD5

d7c4bdae3f629a80a1ea2eae4846e3e4
SHA1

912e8dd47b96d907863412d99e0197b52a1290f9
SHA256

c9b98175043e5e753bdd0d236e238678606b871847391e2b87d8b0fb13b431ca
SHA512

22749e588e98acb7f44fcf3a60c2ce0602620165e0167cfb4a559af7950d9f60906941fa49f9f2643ac07e4f3114be98387a7bae666e6a1e8ba1d17422b64b23

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587482944018406"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4252	chrome.exe
4252	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3600	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 2672	4252	chrome.exe	99
PID 4252 wrote to memory of 2672	4252	chrome.exe	99
PID 5040 wrote to memory of 2928	5040	chrome.exe	101
PID 5040 wrote to memory of 2928	5040	chrome.exe	101
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 4376	4252	chrome.exe	102
PID 4252 wrote to memory of 1104	4252	chrome.exe	103
PID 4252 wrote to memory of 1104	4252	chrome.exe	103
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104
PID 4252 wrote to memory of 1016	4252	chrome.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ProjectMugetsuAutoMeditate-1.2.1\main.py
1⤵
- Modifies registry class
PID:4288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa1964cc40,0x7ffa1964cc4c,0x7ffa1964cc58
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3624,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3736,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4616,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4712,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4740,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5284,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5288,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5448,i,3386175892235560506,11692862059723201461,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa1964cc40,0x7ffa1964cc4c,0x7ffa1964cc58
  2⤵
  PID:2928

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a3cfb85f6561caf81a016efa99855cca

SHA1
6b8e7fee8ffb98684df45cd1e9dc469c5fdf0e7e

SHA256
78c221caf71a130bfe64a2e6167b596b47e7c4ad509ede759319abd1e400f35d

SHA512
654c1bc96282989fde038b01c46b2a912ee9f442bf5e0f1a6d13049f5f08152ca75b64396af4541f429328f3bef81af75bac1aa02d2ea5da24bdc7a77bfe2265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
684c0ece29c6b565bfcf42930352f021

SHA1
d33d4c281a7972b94d4a18ead3cd22e60e1ef312

SHA256
5a39cb46abe654ffd40f1e0bdc5ae73b2b2ededed4ac84905ccfb1f9ca9dd577

SHA512
0aecd4611d9bf030e37585c06d8ac4d9e3a7092b9d55d6f02780cab90a166f3c20ebe23884120ad56373fb5430dcc9ff21e19eadd9978432951cff7c7c92b26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d403377534ea667d06d5dbb0b7cbb8d5

SHA1
22314f4497cfab82c106c24d6683e01d39069783

SHA256
3b20fe0812c3c5ef22bed1bc41fa0970a071dcea55409a043743418ca4bcbea1

SHA512
ce34d950613cf992421a80e3a594e709dd0f6c856a0b800822176ceda969709205e8fdda449490408cab10f97dba23b083969e58d1e4e82b927d9f7ba79ea7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad8fcd39c20e8794bc4b0c3b15c2c0f3

SHA1
7c92f99788ef0cc0405ce3f45ccb8683de8ffb33

SHA256
4d37c6c10916e77c0621cc9d55d8998ddeb38d506140254b356a303454d2f151

SHA512
4672ce5d0f5c413aef66916d530301820a308dbda1057733b2628448c7747a432cda27962af1c131b613bafdbaa1797d9e9914c289b6e14d23af11767521b94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1c85f6106c0f7f079827626c46eac24

SHA1
40187c6e250524d248001be879ae549ac53c82c0

SHA256
0f3c6e0a84ed676e8919eb37ceae71277e3e23009affb7d6c505fa356e8417bd

SHA512
5a590a3aeacf6374d9375f692734df94f01f604b4db29c4ab35a60527851b8475dc133974b11398d7e55ea41a4ea0e0da31003623fc2d6ceee0398404148a21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d285105192124e7f0627da1bd4f1592e

SHA1
9962a8ccb8e8d5226627176d481a01bf6e793612

SHA256
2ce638f65edb9a15d67b0536f3a01d980084b61362c62d9b0926cfd90efbc856

SHA512
fc47bf403510c7dfeb72e80a0c7baf3bd0c5c0585680443015d945fe7047c91ed11632fe87d868b6c4e2fd996202be5a1448bb1eee974bf232b254c696ea3a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93bea36f3383e596f15e6f920dbbf4ca

SHA1
8488a3f982394fbf957d10470a783b03457b6ec1

SHA256
eb62d4071ce97c6231c6d24d5f07331c6bd2581e257933508450b0721752d46c

SHA512
2c15944b44130e308b5c38fb2b442619a7e013b08a88a025bb156c76499525c3f8451b09cace733cc99b4d8302235030031781b632001618be7b1325aa1175d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
496f392fa512f1357741a953f48dbf5d

SHA1
2adf1f110225625294ec183088e799129e6e6e0d

SHA256
9f3a3a257254ce8709474d074ec9ba8f2621b1e6c60c4b2ad90bac7c336ea43a

SHA512
c29e6085c962434d1a9bc1063aa133c831f9d80df65f4cffb332983eac750f3a3d515ad9db315df26afe8c1e2dfe2aaf3e775ae801bffb55a155887da1b23d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
2675914561e155f18190c2a8f60a1adc

SHA1
ec9d7fb36b3c3feb6258fa270dfe1f07c7b99d91

SHA256
197cee07069d045ecbddb6d495676c75a9cc6ab65e433da575d95a7dcfadecd5

SHA512
e31ab065cb2347d878f1a53ed124e8ab679a7026d8000525082d870bad0de33bbb71f7e2ba8a70beff48d8e64135356d15b11197de2e50b27e0281d9d4a7fa00

Download Submit