c2a1b97d657542e949496bc96e5a6c4e0beb101a629e7591519d0cb7e906dbfa

Analysis

max time kernel
163s
max time network
621s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-V5.0/Mono.Cecil.Mdb.dll
Size

42KB
MD5

1c6aca0f1b1fa1661fc1e43c79334f7c
SHA1

ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d
SHA256

411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b
SHA512

1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76
SSDEEP

768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

2920 chrome.exe
2920 chrome.exe
2920 chrome.exe
2920 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2920 wrote to memory of 2192	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2192	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2192	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2712	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2712	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2712	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2592	2920	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\XWorm-V5.0\Mono.Cecil.Mdb.dll,#1
1⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b29758,0x7fef6b29768,0x7fef6b29778
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:2
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:2
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1528 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3456 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3680 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2332 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3892 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:1
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1124 --field-trial-handle=1400,i,1080346662992571803,11919897271248756742,131072 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2732

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
7b0f446369010fbbc85f6f2d4ae49c92

SHA1
f26b5dd2343b21155292f42be5a9a0ac5094065d

SHA256
eb2fde4fda9a1b1d09841ad0ad3d326e7b361816391919bccf535a4acf6b9155

SHA512
b48b7b1ee8ef829fe65324e7b9995b2906ad20ea48a88f686fb5cd5abe1dbbac39e97e01f2c5fa0840f6d361fc9d9943c49a8611f3aeb063b93a7055caa9ce3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
986B

MD5
2df0a53fb5012c1bf1f426d4fd7517c0

SHA1
f3241b157ee4a4a5d084ed4593839e780f9e78cf

SHA256
1240413ff45e0cf81ef36554bc60f63fd06b99c207d60f09738326c58fc866b8

SHA512
4f024b999ed44ad37958e999a1783a8c84b50e59e4cca744db9c2d3a7f0fea26d40be6aa1d80af55b14395da0edca4c60512eb945004cb26629ed9e7c97114ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
da0a8032cd46c999985c296d3c26dd68

SHA1
ba11f85e6a96e927c5cac9468f77e26f4343d0c0

SHA256
3676abd8978c015983a51106e662b9aa6cf03ce48c74166e01b5c79da85eafd9

SHA512
6c6c3addf000599412742cbfef969c12e76858dcb191e8a783a29c2fde7fb468d6556e778f3acada2be5f3427be56701d2de5ed1724c6c0115c87d39c2c97148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
986B

MD5
f8a0a1d37dd895e25e1b0a909d77cbe8

SHA1
e7fe6837c95e7912783d1986a38e8c8a1b005908

SHA256
b3cb2279e0e77d85df0f9d6f2099f2dcffb1e871f3b0c8b15ff2d38fec76a03c

SHA512
81629389df6a47d56f63a8bc748559d050f384c8c76d16bab4b57db36bee12dd1083ddeccb6b700dc11a88e6752a5381ba348a4536b883ca1b36013c44a62756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
0e0f4b15a6d237818e73addefb6bdfcf

SHA1
7ed108c4672fedf05fc18b855c274bef556f5ea0

SHA256
0b81e7f28889a788e74a64170fb18dabd69be611b003b93f07e44afaceea4d4e

SHA512
dd511b1a6a538890babb793302db3092cece4d49a6459fa4bdbe51a71a2c726e8c33ef1c70a8287f395091784de82cfaf80a5c9b9217a16a37c2808dd5f788a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
ec4d476649a0b1a1ea16adb965b239d7

SHA1
ffd9a411c19255537e224997b9973b67fbfcf772

SHA256
8424e6e2f96aab5f03a183c6cf37508ec2589233f1d14c3f53a8b4a62e5e0ea9

SHA512
150515b9dcc27e75f5038a6d82d5470690cc95e07cb4a77b1c1a3668aec5b24da41d02b014cc0764255f78b8d78ab240c9d690e18270f2a43e9864bb1a9bcd9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
687B

MD5
6354b43f18df02ddaadd6f5e39296321

SHA1
e2550bea0f8e5f9f1e2390efa397244f787d953a

SHA256
2e2d4501a2c2f3a3e451aeada36099d802530fa103196389094e2f5a3698c390

SHA512
2276c7cb504d7fadc49ec39cedfdb12baa3dfb1ee9fe80369816857d7a8f58ec119a2b00e4783a31405b0c08be74e39252defa7e53ea4abad3e26f89d29e6d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
e2f98ebde52b34e90894bac6f954e39a

SHA1
dd4b7d4261a3969d31499b89c281a80fca0e607e

SHA256
8ab45415e6be03454281c631b1edcd485cb60c878f04b46553dacc8d07278381

SHA512
98df9a4ff0b224083b4a43343d951e8bae4d8021af30dae3017921970c583057e60933b14402b037edce32a1bed37bc7fd9ded6facf4ff599279579778eff84e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ffcc77749154dc8c0af84b209b762c12

SHA1
845471c95dcf317dce9757721392cc49a5956efa

SHA256
48fc27925bfffe02c07cb3d314887fc1fe44ecf69a74c2932840002d5ba214f7

SHA512
7bed5326c121ba9ccc47eec7618c3e0fef570e44529bd81ffeadefe65cb7a479b3a77871f604e90bf2402b2afaed9825759f7876310b28311e662c3a44874452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b78d84030a16a3d26a50108d90d3ac17

SHA1
1bb4818b4c6e40b84a1dd1cd366379968487505e

SHA256
68aeb5512e304fa9eaacdb0aea58f739e9e90f8e6110574d96cae37b798c3050

SHA512
be0bdf87406817bc05aea404c65eea414d23415be90aaf681cdec3db6def724e8ead67b9763eba30dda438fe4f2bf091d3b6afec9fc8c1454d1c2409f2869bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d9981b8483232dbc20f30041b010a02d

SHA1
1dc0af138acb74893f48e2393d895b8ef6223044

SHA256
8ebc573242eb6a59669baf23ad0132f93375e609a68239807376e4946dbe7601

SHA512
14205d77362a605d9eec6076ba321941795023681519851ed77009d9ba577152189317c9a86973674d034946ad40549c9a69bc7830575672d4c7f1d54e6493c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9b74e6ea6f5747ae05fcad7030d0d6f3

SHA1
2070df97eedf430b093072641ee33e60b679eeea

SHA256
6b44f7f3a1d29ba2448bba5f2baf5fe0632d4f13c4cccedad82aeb1f4e7bd208

SHA512
bacdc57da0989b8fd1fecb0e3104b3a2c27d19aded7b20de12f8f3a3175836c8368ab85d80f01ead66d43f3ffafe0c3a29fc6ea1c9bdd247d8968fd66b63db33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
\??\pipe\crashpad_2920_XUIOWIQKYANMRJQL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit