986d50ec36e6c3e0a0b084b1af3f7f9e9a83af80ad199bf494b292277723b4f8

Analysis

max time kernel
124s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

index.html
Size

61KB
MD5

4691392cf294b972c6e9e5ee5c978e4c
SHA1

2307aedb00a2f99b81959bfd0ff2fbd1422bdc5f
SHA256

986d50ec36e6c3e0a0b084b1af3f7f9e9a83af80ad199bf494b292277723b4f8
SHA512

b7fe653799f60f7cbe2dfd3840f7b4c0e42ee5e7647200f6f7ae7c952cae4ec392c07d4b0111fa0b9413292d1e88b9a41f915b015bbd5e94fcedbdc139e8e2df
SSDEEP

1536:KXlD7o787I727JqsdHqsdh7yCX7JNf3NfXwI:MiCFNf3NfXd

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3212	1986REBORN.exe
1152	1986REBORN.exe
2120	1986REBORN.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606575523341421"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
3212	1986REBORN.exe
1152	1986REBORN.exe
2120	1986REBORN.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 544	2692	chrome.exe	87
PID 2692 wrote to memory of 544	2692	chrome.exe	87
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 540	2692	chrome.exe	88
PID 2692 wrote to memory of 5096	2692	chrome.exe	89
PID 2692 wrote to memory of 5096	2692	chrome.exe	89
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90
PID 2692 wrote to memory of 3356	2692	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2911ab58,0x7fff2911ab68,0x7fff2911ab78
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4716 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4760 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4472 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3328 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3296 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4972 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3272 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Users\Admin\Downloads\1986REBORN.exe
  "C:\Users\Admin\Downloads\1986REBORN.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3260 --field-trial-handle=1880,i,16409259756767043777,17876029065955917458,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x2c8
1⤵
PID:3256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2460

C:\Users\Admin\Downloads\1986REBORN.exe
"C:\Users\Admin\Downloads\1986REBORN.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:1152

C:\Users\Admin\Downloads\1986REBORN.exe
"C:\Users\Admin\Downloads\1986REBORN.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\79796224-d433-4174-8bf1-e2fd8fde6bff.tmp

Filesize
7KB

MD5
e289ca9a4523d4ae2ca76ecbd4ebbc91

SHA1
d0dd2a4db41f67f96295ded6b8a0750855a69097

SHA256
dca77b3437672a979c680182e96d454ca41220d52edf9be2e571b0347c4744dd

SHA512
53014f7a18979677e57805fb33fc69c07dc1ef34e76636caa75b6106f995aab48ad072b90f0c212b7aff3d2c41815abe073df6f4fd679745ead4d77012845d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
22KB

MD5
382c96e3d3d63b2100dae5f150c66574

SHA1
6c82fc6c088f53ea551caee504c83f2dfc3afb07

SHA256
798151110ade7566f64e842ea046a6f3e3464aa0e9a63c5829549d7834d0097e

SHA512
18336998dbc4c5dfd0584acf63a2be71ebde29f8588483c07a86b4867fe81b9201ebd79e5c6cb427adbefce039d31280933b13af5af7e02a5e3c1de27eb9f336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
456B

MD5
4d83103899e697151be831d100f75047

SHA1
e60df1e5ffae62368ccdb5fea78eac8efc67808b

SHA256
ef0be7197ded000a629200ab4d4e785243ea7c06198da2891c6ba94508759ad2

SHA512
34a15849b9833b5135d213465a4f4b8c33da6f6185c9ea8f2959b96e17637dccc7c26785e522d9fca2f02254172846ddb0fc8d38d348e964c16b8667369d6eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d43cadfd6eec09d867aeeb66379e350c

SHA1
bd7cbed6087bd04bac9b10b3f8f17cc2a81dcb14

SHA256
18da0328c043b518f4d422a406215a5a772918569b0a3bcf5f8cb3d3963c54bc

SHA512
370a8090188593dda6507b984ee2c1d19164f865ceaf1cbb2378967ebe04df3c9a6d272d9e3e3c818479d2d49ab1c9931480d0d1a1890a6a0b7f93e990e0d487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b57e96975778fe4b691087cad666ac15

SHA1
b3a78b0ee923c9432cef738774e47408669fe245

SHA256
d2e96cf4ef2acf1da0b373ce53a1c60ba9c9cc17daa1d881c116cfeda82a3fab

SHA512
5d6fca0084df93eec8392dafa628f5f1969551fcb6a44fa97d88378836cf869e73952ec4e37592f817d5ebbde3b15276fc2c39b9e209bbdceac19b543d678f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
3e0dd8a5342678990d8595b5a81f75f4

SHA1
d5200c5330fe2b237c5311ef93b76fd811a66f83

SHA256
915c76bd31330e2b2c5417001ded1f6cc19f16917024ade5491cde41892a5658

SHA512
4c8f4f08cbdb8f1ed5d3f327d6d1d8995f62e0f75baa7dbd8669524452d6f794c67da1a06d7309f8a13ff45367c742593bcd96e146f4a574f9bc3db3f65eedb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
525b0cbd2ff9d737fece24ec7769bf6e

SHA1
b6c99b73937370bb3c5b5f99c83ba63cf473d1bd

SHA256
b15f46deffa1934ad0f65c8fd3434b1f193d0356f69eaa302034defe2189f52f

SHA512
92ffdf9598a3fb951bf7c93fc98b1ef2676a7c9bbbe795e31c877e1c25b0581905f45e98db0ff43d4ed83fda346d524994e75093d07869672979dec0c5ba52a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a2c3e3db8c1bdd93a4360448d781ea6

SHA1
35935313f438831050bad0b9cd8932fc3aa46928

SHA256
81158ca9fad1890a5a4334e43b8e141764a660e32830183b687ea8ab725806c1

SHA512
8495dd0dc4a3ec39661a19628700e7f1610437aed4391a91fc7eb29a7d7180be19021ca37028be8a9a3359b010c60f60f66e3f39fda3e0f1a08b5c2218947c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6d0432e514337b1a4fdf24bbf668e69

SHA1
9c8458ef877c8d19379d7f4fb8361e6da4ecb71e

SHA256
14d4b0c712c288886ee3966a31ccd911c257ed541ef2f2dd99a3073dc601dc85

SHA512
7b3964b6821c8643929958515564c32dd1dbc047e15d089d1555f313464871261870bc579282ae6b51b091bfdcadff67a050aa8f2b9eec58c82471f91d1299ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a10c0886359907e41f7abb47ad27f96

SHA1
f4d1b2071788f22452b208ade794016992f1a61c

SHA256
ef0dce6c2f70faf13e15e529b06c81e0cb60feb7c458fc99491cfc380dbade7c

SHA512
c9ccdd029fcd40a29daee5e31f44ac1ef6495257fe243ffe124f50d5ae3b7c0b79fb220b86f775d2c12b06017df25353da10566884f192139b988ad5d6bf3b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fb3f1cbc8eb8ae66b2b8b58032f2c756

SHA1
8c62f032ba7c46861b0557acad7dd0274426a77e

SHA256
dbf952dd749fba84c50dbcdb1fec1e5e08e357f8a6c85d2aaa78bc1e691dbc12

SHA512
9663e9f01ab87c3c2068082e84d8560f0bb08c840d549b8e46e27fe97a1478144d0f13976b06bf0b4ceaa3680bd4f22d8e98c531204cbe8bd4c3336ad882d717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d242d0c0ef0113beae919aefd9b2cb9b

SHA1
3c0adeafcfaad3e327c1e9ca49d0ac65e16a78b2

SHA256
84da7540224dbaa067a50f058aefd1cf0480298f8ef3a11c884f98a40c8c7394

SHA512
c7d6842bf6c7266bdf77d9616374b433d826c39cdd03a5e931a11a799a1f27f30d23844d873541f66f441b2f4131cf1217519cd9dc9faeae42d01cc5d3637c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dbcb8797-3e6c-4437-9547-3be0f0e57f80.tmp

Filesize
7KB

MD5
a1870e408c6dfdf8123a14f71056f951

SHA1
cab6948ab6bba13d1a75bb66739bee17a25431f7

SHA256
4a2882afefd2d34f31e2473c685dfba83092691ff7d88fcebfadb896511d8987

SHA512
5bc0f6cf3e5f62e036afc1b01bc6f0c88c09574d70c084b23d4f62700e156fdbf9a7e1b49655f997ef55b61f8ef3333ecb4f2282168ea9a8715caa893197a7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
16e53d3d100bd347acf1f1cc658ba7c8

SHA1
adffea8eb6215056c62b5f5cc44f4e3d9cda9524

SHA256
4e6e71a8f35fca03eb0c6c8f3b810585ce0efc99483084382d83beec4ff52760

SHA512
15196d9d6549847a4a0bc47258f387e2105883e7ea9b23d019b1d2352fd6f8b67ed12db86059bf5dd29fbde4061a56a8d1bb2bb48782414c0f9515b03302a52f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1d176a975997a851d1a1c315f31722f8

SHA1
3a31b3cbcb031d2c06ccc53619ecca0fb5e3046f

SHA256
43c4a9842a3d06fded611d5627279bc9e17a3736996fddc742a645356e5df017

SHA512
c26cfb51cd298824a645f36c07e9ae661abdd53023a97071c355ebb72f9e3cb550b7e5338920fd18f7e14b8c79885a85f5e71aeffbeb558ee8c71d527dad1343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
35f9a163cc478356faa978a8c04efcf3

SHA1
9eb6987267c329d021dca4f969af7986021032d7

SHA256
31af48ac979d03cfc567e72c09f5e2102be4e8757153219de098351eb4dff260

SHA512
5a26de26db6a14c6ceb20ed4a5a7540020a2443b3515b75d871e571b7e5597231d3cb88fd8aa2b3d8e80b92abeb36ae34aff9a371134efbb0e017f97e5c92023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
313538542e19136e59b0f43b619ab5fa

SHA1
e8c649baa18dd7295404eedd7ddad1e5149605c9

SHA256
131af5ee1deeaf652f9466ed3e14146020ab7705b6094998fd650444bbb3dd88

SHA512
bd1468b24962dfc6794874e8ca56e05b61545223b1792032f61b6fe1ed119a805e89f671f769a89b2c2b90ccbb159b91b3e44db852856eb00ff3cbb59b827222

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 897149.crdownload

Filesize
9.9MB

MD5
d6d48230766b1af6e45f5655fcd5833f

SHA1
03e28d24c8884483105c8368e3a7398bf994187a

SHA256
49c1ed66295c6fcb23ca8f9a351618c3873583208aeb36bfda7d75ab178c3d77

SHA512
53506118a70306ed672b85deceae6798b606a1652cafa00a2ca3cc5e462ddc0de811ec216b6b8802ca071d453f612bd5868be90efdcd2dca651219529646bf05

Download Submit