02cb95700440b100604ece78649b2ef41b2b7ea8ff68afbb02a01148a3f7c106

Analysis

max time kernel
98s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc
Size

507KB
MD5

5f9f8ac1f749b0637eca6ef15910bf21
SHA1

dae74fc73f98b3b9b6fd094ae512b71e499e3eb5
SHA256

593e4acae0c1e2a708cf986adfd0f4e59ec356c1031a97a65a87404943da94ff
SHA512

6b54f42a83797f332146a9c46a2ec48bc1f00bdfde6f2ff4254ec337a7f6e46d4105ee6f9bf487929323df97f3d633ce2ccbb15866d46482fc1aeaebe14b9d08
SSDEEP

96:TAy6k2M3jwlgNqvoMhx4FAcx4AmGLGQSrWWWuHMIkJMbRVPkMJbxjz8MwKz:srM3jwK8vIfxDqQSfhkJmPkMxw

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeWINWORD.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641651805584484"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

1492 WINWORD.EXE
1492 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1792 chrome.exe
1792 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

1792 chrome.exe
1792 chrome.exe
1792 chrome.exe
1792 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

WINWORD.EXE

pid	process
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE
1492	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1792 wrote to memory of 2084	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 2084	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 5100	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3308	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3308	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe
PID 1792 wrote to memory of 3776	1792	chrome.exe	chrome.exe

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeec3bab58,0x7ffeec3bab68,0x7ffeec3bab78
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2760
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff78620ae48,0x7ff78620ae58,0x7ff78620ae68
    3⤵
    PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1948,i,12536298478594944357,12688768395463617412,131072 /prefetch:8
  2⤵
  PID:3100

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
cfaa4e62ce3b230b208a6e1aa60d0633

SHA1
4d2fbcd8ccb2f0b3cbdcae6c157aee5001aeb33d

SHA256
fd11951169b3d1837f3af9c5a0752556a92ee66eba15b55fd447c7276806d416

SHA512
c7513f81b8718c2ae5b13a01056eb5e2a766ea7a8c4fc8862ec313f44b5c286d78ec4484062451bc77a7268778c3e0cd2ff58ce95949eecd7af17715c990ac87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bf5ea56ef8ab6e794243c423be7fb5e7

SHA1
75251a60c7a2286be0a16a422582e69815a89660

SHA256
38bb4e7a8d9380a1b5ddd09f68075a80fb5443f0dd04d62866c229e9486cb6fb

SHA512
056806f178631445f499d808801beb85cca90795995b10fc6191234d16b1c4a078537e4bd2730503a7f25ec68512111e29925c8dcb75791c755dc31a35cf6321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
27c6b8f26b60a141fd008abbcc0a49c0

SHA1
91566f2867b713365ce0461c326b04aff30355b6

SHA256
463e356ffe36c0c98637e3abc41b70d06080eb73282dac089cae222e6008f936

SHA512
a4cd780b8ca1fa8ac508608d7a9b12e49b813397a2cdb8f33272a89c1f08a9d3fa3fdb2de55c3e92675ce53aaa8ee9aed2907c176b7c142a56ac13a06edf5b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4190efa050c88bc87f3663ac92dcf002

SHA1
bb4e84af2a3c4bc849c4c7e420fec9152c6efae2

SHA256
e04e4a6a258c0cdf6ab21fb597dc0752cc5f11dfb1cff9bf5b490897259701ab

SHA512
32d9f8ddf0e1f44a20af6e8e1a9545a21a190db0f65fc9c419b88fa4a6a75a4b2b4865d20cfba9f4271ab7dd26e5d81fc2f5b5ba1d2cb67734783b1bda110487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d725faa4122222528aac69a2cd2437af

SHA1
ed5dd8ac5cc947eca8479ef573cfa2364e8a3170

SHA256
d69e1409f7493c5c5351b616465b260343799d17aba884e8ac9b9bc1c2307f23

SHA512
7870b6a53b0ffb85185f1daeedc576e331f53c3483abe7e15c2cda3f6e34539bc648f8e44121c56d2ef05b18f2187c1fe4272f7cd2213df66ab37d337ad55bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6322a7c15824af77c6de8bf58cac04c0

SHA1
843440745aa2d1c82c299a07d6923aff19919088

SHA256
37b3b084e652f4c01bb1a39d2d1579c157c71bb557391c4fdec9fdb2d716bc36

SHA512
34360816c566403e956eb492b036dfc5fdda3873ddb0988701df33a53ba18f1202195341a816c417b8c2a312ad089649ec2b69520ffc5a16d1e218d6e9ecedb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2424af7f6afa4a5245f5b8e40900b640

SHA1
7a1f81f44795af700e38dac9d71e69bbf0c8d296

SHA256
9fee64f236f48c2118feff8c8353b74f5fce92bbc95aebc3aa5fcc1c07add66f

SHA512
148ab3151ddd70f5f5956c9af6babce058d7a56041141f3a6f2ed46b6e1eba9d59f8c821c3cd6c03fe8ef2e06cba66fa2eacd9b067cadf0468f016ce017ba011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
8865e32ec9d4ddd1ff06c40c44b387c2

SHA1
ddba1673badb93ed18e81c0f1b078eaa042c23f2

SHA256
a0c786127552735c0b246bb7bfac6b2b43d214ad85c2ae6ca47c3ec11e780d9d

SHA512
84616dabfcea8d99eecf35130013cbe1bbaa892d2231453a1c9e8498fcaa52dad77a5c130e1a45c1d14296a3a1a5da23729be4601a91778ae3a5767b50aedd37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
9caa7f477a7d9fa870689ae1fabd8120

SHA1
7bb7ff78d19ff81f6e327332fdef0edb1dc38f24

SHA256
b5669961798115634011cec6a55090c4d76fbcac7f51a16cd799a4bac8c7c868

SHA512
3cd9de59b85533e56fcc06f88dc6a4641c32b171b5fed222faeaa499f02116efda08f23aa9556739de058392974838685b00b0c2e1da5951b61a538372677661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58625f.TMP

Filesize
88KB

MD5
af07909cc2ac8a52bb5314c4b85fba15

SHA1
fd502b62209ae6c0ce44a985c7ef59dd87212eae

SHA256
38adf3b0f1be8d8e107f4350d68fe83d0aedc88f45e38306fdb986e4f1102e39

SHA512
9b63ae0f68185f466c3626d0baf44fd9ed7ea820af0c2f28ea7e6f077c9333f80ac8bb7cbcbfa7b479b80708111514f906004cc70e29b3e80fb13be5dec6ebd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD9637.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1792_XWZTHWHVTWBTCIGV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1492-9-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-13-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-10-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-17-0x00007FFED5570000-0x00007FFED5580000-memory.dmp

Filesize
64KB

Download
memory/1492-12-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-511-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-513-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-512-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-16-0x00007FFED5570000-0x00007FFED5580000-memory.dmp

Filesize
64KB

Download
memory/1492-14-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-15-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-11-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-8-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-0-0x00007FFED7890000-0x00007FFED78A0000-memory.dmp

Filesize
64KB

Download
memory/1492-1-0x00007FFED7890000-0x00007FFED78A0000-memory.dmp

Filesize
64KB

Download
memory/1492-2-0x00007FFED7890000-0x00007FFED78A0000-memory.dmp

Filesize
64KB

Download
memory/1492-4-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-7-0x00007FFED7890000-0x00007FFED78A0000-memory.dmp

Filesize
64KB

Download
memory/1492-5-0x00007FFED7890000-0x00007FFED78A0000-memory.dmp

Filesize
64KB

Download
memory/1492-6-0x00007FFF17810000-0x00007FFF17A05000-memory.dmp

Filesize
2.0MB

Download
memory/1492-3-0x00007FFF178AD000-0x00007FFF178AE000-memory.dmp

Filesize
4KB

Download