ea9aa4928002a91303137351bf510e68befde16d561e29d2a8746a8d10b7ede9

Analysis

max time kernel
329s
max time network
332s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
01/05/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

negativespoofer-master/pkg/Shell.dll
Size

917KB
MD5

b1f99a44c80e0593ea009e5c5b4948f4
SHA1

8efa245d6c8d3888f1b9289d6f6f7582f9bf3261
SHA256

24dcc034bf6a5158f43b23b71a16acbfdcf1597de55aa309f7f6ac5af90666e6
SHA512

c010b61f866da1e97510cbadc9cd16b9ea28cef936647f6726e21655a0d3b8667ed5e5dd8b56510d2c7a41ab69ceda45c469b3cdcf0e3cc0bde87f47ca0b2221
SSDEEP

12288:PDN7U1fqcpUkOi28O6ppzC69jAXYuDlkV0w0H/7:PVUtDOi28O67zCqUIuaVO/7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590044938811827"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 1972	1900	chrome.exe	84
PID 1900 wrote to memory of 1972	1900	chrome.exe	84
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 2836	1900	chrome.exe	85
PID 1900 wrote to memory of 3184	1900	chrome.exe	86
PID 1900 wrote to memory of 3184	1900	chrome.exe	86
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87
PID 1900 wrote to memory of 3192	1900	chrome.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\negativespoofer-master\pkg\Shell.dll,#1
1⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8872ab58,0x7ffd8872ab68,0x7ffd8872ab78
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:2
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4376 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5240 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5152 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5172 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4656 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 --field-trial-handle=1788,i,14708244264244110486,15614115332502962368,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9d4f446c-bb5f-4791-8978-10fb520ffd5c.tmp

Filesize
256KB

MD5
58df4c389bde2731b78bcf0013c23438

SHA1
c8d6dcd98b94240ba0435424e2b433b2f004a42c

SHA256
5c226106cb61562b939c65bf64d66d06de660a96af673949dc3302ab552acea4

SHA512
97c6ef4d0fba83ce51c0fc6ec8f9f4b3372c9bb6c8360abd7d75702ebd7cb8a1e426a001be2af54d997830c366139167bf34886903342a52518ae8ac274f09f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
52c4377d4eb6fb1aeeecd52d2d265568

SHA1
2613313111a37f17c078df0fcdfa03db3223f52f

SHA256
48b74550ab9e6bd4625807d3d1ea7201e07472d5662c567ccaad7a163826393f

SHA512
25cc30906cb0da1f877d6c58ef5ed0e23345dae5a2373448759b3e02245ccfa42c85cd78e15830fd68e3e4ee6f36da4f303d7065e47b5a656de59c08f797da07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
db8d49daa7a87459682c8420d64ecceb

SHA1
03b09247b6114717f4114a38b68343921d265c6f

SHA256
2506dcb3afa1d449ac13b526c399bd7f564a02183a0841b1d91f630203ee1f62

SHA512
7f0812d5d2efae6e77b09a3ebc99dab6c772ed98ec067c8454f1373d53d9fe87bfc44c7a31ef4e90b27dfe315cee870af9d50698c00058dc060c4858bc28887b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
39d7b01dab075bff3da77e493abb7b58

SHA1
c4b2f9b4dae04cf567861c7eb671af0305b1f29f

SHA256
ad1622b1cd895ee82906ade16f3b5cbf1057aca7902f888886bc42c910a01d84

SHA512
24381aec0ab142a141d502533e0295b0847dde46b9cbd8442dbfe71c3b22e5e611c721770d9ccb18066726ecd5968136a67d57b5043188e13bd4f9cd5ab2e338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
898a8cd4e17313b2cfda47ff700bc9ff

SHA1
1aa0f3bf13a7c84c5fd84289bcb92a993cad9dc3

SHA256
6adb25c4411ec0111c3ad299b1e8b4cc75fc7ac7d5b269f1a29396239704d0af

SHA512
cf602acf4b9d6a59593c501069c7cfbc28b9a8ae79baef8c565cd09fbd973f87c33b316444d52ad2439233b06f16b8d8f51bdcf52637b764da8800414148cdef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
738ab9a0ba897830a9590c5122b8f97f

SHA1
0713ff3323339cc449b466d04674037cc7d0d228

SHA256
6e5a1d1017bf0147071e9bd69a4046682de374e51978d54a6228e8841629c2fb

SHA512
13ae774c26876d45224b40d9bb9d36c1c326081682c6e4c2f51516444adf4b9125bc705891e76efa116cba5956f22ed67683dcbb1e5082b62af3bce643c901f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b78313fffa05e6f6ad2aab867195369a

SHA1
9a05391cd3209c361a26b12c3c8ced4e8ad091fe

SHA256
c4fe59e681df27347d66291a5a4f6ebe5d8bcc1c1ce0537b95795674d817667b

SHA512
a744c41f9ce325cc77c4b8b62692e73607a482659e478027c7da2a4de8b72995f92e500861c59ef6e1bd756930307dbe6b72081ac8a33a6c3349ad0e1a7eb32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
cc751596781afcc87527af91879d0036

SHA1
b92861e824c35e62f2e3886ba26795772cb3113e

SHA256
e8f4e0303e659ce9c80aeda08105294705633d4c38d8ec90babaf0daf821e0fe

SHA512
50ea051372e5994290227be5a741d147e4b7af04a6b99a314718a367d05077a2f90f10c918c32830d3927c118d2a88ad163c0f6e47725700f45bfe32b73d90da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
40cfa33a2c7fb9c294092abadb76c196

SHA1
c0c43e0d44351325548756868f020974eb55bdc3

SHA256
b4d2945d7769eca41cc5ec186507d1ac0ba322c4e7f0fc3afe4ba396e6b3ac3f

SHA512
9c95212ac10ac77e6cf94b74ae7da9434ef9f055405fd40f58aa30e7ff66e80aa4b7e3aba121f8a0137b0233f07fad7f6b55c145cbb771e9e4b7688c596c3b22

Download Submit