60593ced1e78fd4b3fdffcd58bcde989d8e9b031b3ad9132815fdf614e0449d4

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CeleryInstaller.exe
Size

822KB
MD5

0bd82e264be214414d6dd26bac3e1770
SHA1

5325e64053dcf599a9c5cedec532418716f9d357
SHA256

60593ced1e78fd4b3fdffcd58bcde989d8e9b031b3ad9132815fdf614e0449d4
SHA512

842a80fed2286d06987cd2dde7ae94fc6c7986eb49cc62684f62f148973e5080df7866e1d2f81d53cb5ac95ef9d88489f6765265e29104be0ae349c6a3164592
SSDEEP

12288:c5SsIg0ZvkY29slOLJFbJZXM1Eg/2QAu4NRFNxIg0Z:Ru0ZvkY29+OLfzI2Q0NH10Z

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CeleryInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673182775651420"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 4796	3536	chrome.exe	89
PID 3536 wrote to memory of 4796	3536	chrome.exe	89
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 3908	3536	chrome.exe	90
PID 3536 wrote to memory of 4208	3536	chrome.exe	91
PID 3536 wrote to memory of 4208	3536	chrome.exe	91
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92
PID 3536 wrote to memory of 4636	3536	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\CeleryInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\CeleryInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd498dcc40,0x7ffd498dcc4c,0x7ffd498dcc58
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4424,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1084,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5044,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5220,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5416,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5316,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5300,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5376,i,10164677158306425279,16797478832235744007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2560

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x150
1⤵
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\827a39ef-9167-4c26-b3a6-313a80b1dfb4.tmp

Filesize
9KB

MD5
24aee18e75b7a98051006dd66dbb960d

SHA1
e6c9ec784c1e18e86d263a27369986673fec0766

SHA256
b08644f2f30fa03d0677874edeaff034aa8dbdf5ff4d673dc71e5cfd10cf497f

SHA512
700d43e8e9d95c77a24c1b3fca53cb6a48d0d1f8ae4206287dde59111d946a1d2a6e4724411d991100e6b9d4d2e866b3bc057712307647aa46b8d2815210a17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
404KB

MD5
3b1abbe87311c28f4059c6cee8caa5fa

SHA1
59616d12bffdd457fd47f535c44c54855b226a34

SHA256
378fca5ef68806ad3517ae4e3f16cf498f2ce7f03e47de3cd835863e1063c1ac

SHA512
782c6bacee55516012657f4d7c673a527398fe0825b4db48b394e0388e27e8b76eae4cd9f3a643593ae120c886310b94ac5e0e4579cbdddae95ebffdc0ef11fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
72KB

MD5
e8e9411b9af11575394b37b25cb01f46

SHA1
e926b4cf15a32a0058d374658318cbdac12c3d3b

SHA256
17c8f952cd196e2d19b7e476e4256a8f11dd2c578b63b40babf42257dc6dbaa8

SHA512
2563fae83451b85a9f0c2c0f58158559ab2ef466bf6f4a00cbe0110e997bfce32231a031cbd76f0e45c4f30affa8f7941a199a320ae9cee2785a1de661154619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
20KB

MD5
e86412f085813c1c30058ddb3db6e660

SHA1
e4f03abc70e491e7b05dffbfbf5e275eb32c7f5f

SHA256
9ae95037b1db11e27e7313fdd6ca1b63a3d90aac053ba8e362b1d78970968eef

SHA512
4412ea90a860795b4f2de12e6f088c86bdd045043af6230b6a9b02902835a6a6e11ac97f80e9cc4ae0f6d5bb07fbc0be2a858d314be7b3a1aa24799e27a4ac38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
105KB

MD5
680f93c6fd05b60f5d2ab90b9f8f76f0

SHA1
4f8d5b73a4e386df150e8ea45563458a706016c5

SHA256
82bd54fc5bd064bd5e83bb3ffd5f01d4e0d621e01cd1482f012282a0eebe1e2f

SHA512
c4202172fc2f7775694017646a95a77ee343468d681111ecd31e4700460bf44ca77a61057b6ebbd420e84d6424d75ac05712569457324ecaf3bf2863ff9bb85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

Filesize
96KB

MD5
c18bdafe315f76c28380e9b0eadb33e2

SHA1
8c2ea5418d6d27d5cefc208f4b354e396fb27237

SHA256
64cc03f0f717df40b9e9eaa70614a03812f7168088035cfbdcaefe32992e322e

SHA512
4b97a4224d37f9ae5fe9c199022315e4535a06144c444e48e1ace9e817c53d7546de12cc49a21c7aa23db179f322897c235fffe5ea07de0140a65bf2413ddfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5fc8cfce14cebc9656f1e19ea3244157

SHA1
28577749ff14938fa56ab5cd381b883fb38f53d5

SHA256
f8e5bb72574ce33498549d21a1c8b2fbf434d135303e6f55255e2199e0f34e5b

SHA512
d405e16e5c27fe7c6351e31739b9b4c06d57499ec4ce22ea695ddbd9363b9f93dedaae0d4c0a417caabb0fcc95d0e0527484c57cfe09e4c4241b6b364e5bed46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6aeb882177a54f36c98421f08e60b55e

SHA1
aeda4684d25923f968e12368145d5e86491e8541

SHA256
ad956ec2f492e200cb55e3401a888dc4173a3b97c8b81a15aace10c39bff68d4

SHA512
8142d34721937c245106c375d7983fcd9a3f7e2051281d16a4f3c00ff0897bdfd4660ca38a411a7ff6f9aaedd37761aa249e989e215eaa52cfdb57cd5b72e6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
010e9fbc51cbde0920329a7d168bfcd0

SHA1
cd1d3e0ebc8bc61e58ec426119d3e382abe77792

SHA256
ea97c2914fcf6cbd1140c999cae8a862a4cade9b24402d64ef5a6b4a007e4671

SHA512
4a3039a52d027695db0b2c43423440e48cd75d3e3a555f8fc99c326bd7d6dafa6a91065d4871e956552b925d2196a0e86f119ec3c9d17aac659c050683495346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
3ce6c02326c377c04a5e7568dfbc098d

SHA1
53d54ad552ba356df2e66aaa1fdd39a071e59900

SHA256
96b0879119820c7a4ddc45ee42d2ab24b44f111a16908a92c5249043eea0a38a

SHA512
3edcea10e18f1d657656e94d1624ec202e1a985e78a448ea0ac2ca16556da0223dce5c1f871a4a2067291cc183c94f46bea1b0c4ac2e5afa4a841d7774c3c481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
fbbd2bca6d1942ae3c50ef0901e5591d

SHA1
d383cf6fe862daf7b1cc9f5a37044dec6d2a68ab

SHA256
18aacba023fcd7f312599ee595694c7636f013a476cb4daa0d0406f3165354f8

SHA512
fab93205cca5cb545f6facc2c35c1561199c79b51e4db81deef29a8d7c54923a560d72a82b70dd667aaddbe01a19754b89960c09b37a1d35eb55cbff801ee27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
fd15eb09dbbe07f20dfa17791abacb0f

SHA1
06693a25539d05cdb830efb2f68a0a3e131a8128

SHA256
3a6a40cff48772500fe9042abeb5497f14931d3d5c694ae54bb9af47b222114d

SHA512
4fb92e58ff57ecf33e40c6ca03cffa75c2c9674354dac1a84eb7b94d1d5a1b58813c7a7f01efe9d91ee3a7657c44919e4607f900aa0eed1b97a55e926bd2f67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
1f289f1784c30c0e96eb4f7d99c94a1e

SHA1
70178c7506359b7dd8d9229263b32d694034a1d1

SHA256
802f563656a8e785b4ea2b0f2998158887f219a63cc79eb58a62fc5d6b071197

SHA512
0a7acbc99ee868ab2c9b33bbfbf076597deaae7dbb2affcdd7284e52af97f01f751ace76a7f4945f5cc7874b2aa71d318316cd8e73963879b8069c7b9e3062b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
5866ee74a5b0234a02c909e6a6e1aa9f

SHA1
c2d332d39e1764d79fb34bbce9b3027c8aca1513

SHA256
374c3728369c21cfb6afa5a921245edbf216f8b7f9d1e6753d5051c80545d691

SHA512
7289888dafcd2c802c7de562e7500eeb15d78ca15429346daaa37e629fd1df2c7b861eddf61784449cf64dc46ff3497e1e534e06e2fa62ed422fd93ef258a3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
3fa9260561edc777286f9b6609431ece

SHA1
85a16ba4c8afb9cdb9f5a0e6668c4afd1a4ddab6

SHA256
c72f64d96b5ba0dcb3c66e98ac2835a0e4e087875aca7b22bbc64e9b9aa99760

SHA512
8a0bdce636836e390801dbbe7b1d13563a17c069cba99ad9b1e181d561774a4de4b581c1491626d4d1372b2a6a339ecd1990e677546202bf55750a256fa273c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
9e38319f5d2613baec039102efccb7cd

SHA1
15892a75a8f5639acdec29f0593c8128085088d5

SHA256
cdda6682ebd9fca003b48ee83333a3137af2e1c1acc70cef006bff03e877a3c0

SHA512
26a165b7bca626d42c4e7a3fe53a414adf077bfbbb64e27e548a2ac25219ed9779c4358328cc660f15692e45a684a10b6bf6a22005e3c608a78f8f6553078fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
636eda300025cdadcf9ee1619df0c052

SHA1
e1b57cae48ce2468a8730e77cbb7f01aa90e037a

SHA256
dfb82fe16ea1c6c9d849009df8d9f75152b44555469e3d89f612f40febf95847

SHA512
cb5a5acfc168be81be9d1e11baf1abbfe7ccb5c065978f4632e395f97b432774533042e27e1f2b4a270161e3f1fd7ad3cad99877cf24eeb004499c340a1709fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
535060f8505127eeea763eb8d0ccfe16

SHA1
51345e0a095935661a86ca21b9238af0a277b55e

SHA256
3941aec0b958aaec5dc8699b10c18854a30005a5067426c24e3c389ffe8c8c9d

SHA512
ec6f187ee9e40d297a6234145d6f7d9bdc52a9dd7d093ef01bdf0f3f39675770e9c6548865870e9e131fbd8cf4910aba277e87114fec0868c70041680b284cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6bd388705ff0f4428223c98195e6ff6

SHA1
911c93432bec8b5972ac14d56fe1939eef56f8d2

SHA256
5a9ff10f0f8ba5e7fd3a8a1572e8203851866d7d549c662132650f9a3ae2b215

SHA512
bb06e4a980e6d6c00bf6ca8643d815abb98714d1c44479fce8081896e665d5d6edf07e8916672dc0b7ef5415fd85a5449531e85209a7405c7e58eaa8b8353593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
710c870ff88ef3db38e05f915033cbc3

SHA1
cfb08fdb618ae2ab56827ead8b3c6961464cf448

SHA256
cff12e04a88a83f41afa3f10cd757ccf64cc63dc63fb973abd669f5ba9e9556a

SHA512
36d0a196245805b1843bf6eb3f9c01067076ed7fcea5414e4867279d163d23595036e02ad6455efe7c25ed77606a17b377eb603dbf55a4f78c08fc94f2120d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5c3155f1e1bbe0f3450013018f15b07

SHA1
34068451bf10446c9093268fc569c6cb84cf5c36

SHA256
492d8199b75796340e862ade1daf2ed3b2f8abc9f97179f7226ddd6264780135

SHA512
35891f43ab116e44df57b9eccc1adf1f8fa7e0d11cbdf128abdf8d61b38de7d47e7073145a0c36cd3a981df23964aaa6622dff8d9901383b16a3dc11058ae415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf1efc282d8d0399c9b40ac69bb46742

SHA1
2c7b141ece3dd7217844b95815d58d7111cf519b

SHA256
12fff6aa279b07666c9f906c105f4d571438d6f759efc9553ea5fc4037a5c1e2

SHA512
02b024ffaf0514df540434f6340a7916a4ec96ecc9370856d9d253444dd57ad99ec570ae4f402f8417511459e1aa0b9ae4066f167e5d370800ad4cd24afa6639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ebcb789d15c2c8e67e49b76caff7be15

SHA1
437435ab22f610b7c998dde537bad1bd67b00d71

SHA256
4f3e42c3537a605e6e4478816de5a1cca0286cb81914729f487a870fdfeebcb5

SHA512
407475aa7971d1c62907aedb15a772c9eeffff6fe8e2a1c117b64259ae9c0a6933df31ca917f686b2ec1f69d40025456682eb2afca68b5d03c340aa343ddf908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b2d8c7f503d20429cb50c4f83a678ad

SHA1
3d18f2b03ee02714bb4f515608b8352cdabe4767

SHA256
df60be3764c1bd3e6f32584501f396e84e4a2a9d2b818a7d915854999e112962

SHA512
6ac5e7ce50ed4a50c62efd896f68eedbffdb1db54e87958d0fd40437dc2b595ec927180372ea3aeca507eff85866d87906000ab9760383d143b587bd70e1f49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
83aa06724909c35e428d6ad582a822d2

SHA1
58006f13e89ad277a255f579bf308a42dfdd2027

SHA256
1e74a7b98396086072686facddee7d422d745a97c83da66add908e0c7a16e04c

SHA512
c8c8a69f1c536ab875fe3d339714451c8406d68ca013c17276c111e722327f9c65400f72f7b67396e979e4fb1d1cc63972dd852805aafd559b7c9cc3e63bbe81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
388bc38761f890af2d476eb9d0215274

SHA1
5824147d608f1a5dc6a552a3106baada07230f21

SHA256
a8c5065fdfb46c0f973583f7ec12ae014731363f4006bd7b51ed0ee6497049a4

SHA512
a04c924caebf6a19f68ae1ec1aa30d6a46aabac8a08e487677fba2aee7a6a49c344b1fcbcd92a8aad1e5019944a9f541745424e6a993a6cc6102b0454a6db24c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
627386dd72bd50f7edb12dc368a4ced8

SHA1
df2ca124b99e2cca84b6cc713bd2b42048aa6354

SHA256
f41e9c435b41ac1f7d1fc7d788537b04aa6ef9cf6f4d7aef31b0915b3b1aa69f

SHA512
c385f8dc548ca761f3d805970ef47447b277360d63e0e29a807f8f0f83ad0825ba3d52af75f6f5ed2972113fa4cc3f1ec199face92cb9d467359be8b3fa76a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
a7499043257439b859b91a90a0b10e4a

SHA1
691308856e276d8e516c4d81743d03970e935b53

SHA256
ded83bdc8ea04e2fb618088e30c6109a8459f13cbd3ab840515172da7f7ee6c2

SHA512
8a09d8a44ab2aa535740049218dcf5269fde2936dab3618588dec5f33df876b1653aab02855d8e87f7977cb285ff8aac557c0aeedc02db9b8865a60dcabd0f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
98fa287945a7bb7febe7a3b46382302f

SHA1
93e8defa886919eae2d04ba2fb2c1dde760c30e7

SHA256
d275bcf243b6406beb2c96f441e5db46ea5f58af1a32979ea85e6447328d8067

SHA512
3f196990635722b31d9914aee431e37c61a65a9e071142cb4f3e6875f9550715ec88505ee922c90eb6001c64273962cdc4693b32411b938e463aa85ac9aaf4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
4f78f734883d48289852b76bff54cc26

SHA1
bebc5e059512a9ae30fb72a6d2a29b285f36a2f3

SHA256
5ef06638f049cddc23cc0e50a296757a5eb2a984f038d81ff460d8c0b82ebbe6

SHA512
86f51f08d8d0bc076fcf702bd2ce189bc67e2c9b9007990eb4e376f73352a942646b91265cfe86f1ef54a20d0df507f9004a202ee01199e65bfbe1e3654bfe41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
4991d53b0cec6a336c1599ed0308b15c

SHA1
34045181c0cf1215b9433564ecda1de7482dd324

SHA256
75dbd539a2258031550ce63ad936b22e336c508f0de00f805e981ef213153c20

SHA512
fdc0b1731fead627e602b7e785aa6eb42711ad7afe8bb90881d3bc04d5adf0c63269f62702037604da2bc544f1dcbb6dc37c36d857c94747c4b7bc243a05fa30

Download Submit
memory/3484-86-0x0000000074F3E000-0x0000000074F3F000-memory.dmp

Filesize
4KB

Download
memory/3484-31-0x0000000074F30000-0x00000000756E0000-memory.dmp

Filesize
7.7MB

Download
memory/3484-104-0x0000000074F30000-0x00000000756E0000-memory.dmp

Filesize
7.7MB

Download
memory/3484-6-0x00000000082E0000-0x00000000082EE000-memory.dmp

Filesize
56KB

Download
memory/3484-5-0x0000000008450000-0x0000000008488000-memory.dmp

Filesize
224KB

Download
memory/3484-87-0x0000000074F30000-0x00000000756E0000-memory.dmp

Filesize
7.7MB

Download
memory/3484-4-0x0000000074F30000-0x00000000756E0000-memory.dmp

Filesize
7.7MB

Download
memory/3484-3-0x0000000007990000-0x0000000007998000-memory.dmp

Filesize
32KB

Download
memory/3484-2-0x0000000074F30000-0x00000000756E0000-memory.dmp

Filesize
7.7MB

Download
memory/3484-0-0x0000000074F3E000-0x0000000074F3F000-memory.dmp

Filesize
4KB

Download
memory/3484-1-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download