hxxps://dataroom[.]ansarada[.]com/share/f0e2f942-5585-4e48-bfb8-4b02e83f6b1d

Resubmissions

24/08/2024, 13:50

240824-q5l6bsvcrq 6

24/08/2024, 13:35

240824-qvyrdasekd 6

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dataroom.ansarada.com/share/f0e2f942-5585-4e48-bfb8-4b02e83f6b1d

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689801499675168"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 2356	4024	chrome.exe	86
PID 4024 wrote to memory of 2356	4024	chrome.exe	86
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1832	4024	chrome.exe	87
PID 4024 wrote to memory of 1880	4024	chrome.exe	88
PID 4024 wrote to memory of 1880	4024	chrome.exe	88
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89
PID 4024 wrote to memory of 3760	4024	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dataroom.ansarada.com/share/f0e2f942-5585-4e48-bfb8-4b02e83f6b1d
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7d6ecc40,0x7ffe7d6ecc4c,0x7ffe7d6ecc58
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=264,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4824,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4916,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5020,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5440,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5456,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5812,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5988,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5952,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3840,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4660,i,18202300228910983472,14415873573719262528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\241b53bc-9a69-4663-be68-ff53c7bc7593.tmp

Filesize
10KB

MD5
b045ba657f8dca725c1768e25cad2af0

SHA1
58d8cd5a64f8c167b2c68a7d030176f55c6efd7a

SHA256
f240e7e95a310fa08685add1d9f9ba0af3af5f447d47684291fa8d30ec7f0978

SHA512
c5d3219494944f1d063cb0812949dd5861e8a5673eac41dbcf834d7094c8d11c83ec75527f68c9d7797560b8c89967651dd9ad0d5a52d308f1aff69b2017cae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0cbe32173f476c4f98cce890eb64a66

SHA1
434bacd69f88b7abbfee65eef261e19c8b9ff038

SHA256
0a46f172e3909fd8a3296ef7ea10511eb73ad0170ee1152f9e6a045c4accbca1

SHA512
56400a7e13924a4442c415a512f58768eb158e9b1c9a02317da6e99e190721a5e180b60a37aaf4210f5c04ba7cd5709e4b52406cc2b2213d5ddb39b2c8f6e32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
2d212c6d3db2740bdcf0b70b50aa9622

SHA1
119d70f82f7f5ee6b77b8854f6dfd11e4f497060

SHA256
f3b72e4a7e4a8896fa32f2690a7aa5aa1337b9655503dd626391e64835882add

SHA512
f4b3f7673c0cf4495456be68ec2133719247a6ca3f439244cf0c00de70b7b34f235d5b81f6c7430ce68ba354e3062a3716909b49b8a2c789ae50faa210fbfe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c57654ff39402357f477e2182a3781a3

SHA1
d04edfad83306a45e6b96b5056f7a139165b0f41

SHA256
a4cf1f17fcaace5a8c2ee29d9469da0e708c00906d03ee90e8f59ecdb644dcf0

SHA512
26ee83e033af4b93be615b26f2eee6c856a28f60190de232c6de6058d2c7010befd2dc83b4e3cfde6333c384f40c48cdaf2ec922b0c9e1ebfa77bd935c1c7664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2bc4db21c8ad0c6e3b09c1dfab552c0b

SHA1
bdd334d9a6d6945d9366425b9be66c1a281ad0a1

SHA256
52e8ce98e2e4cde189a88692e201d7f44b45c7c88468817e2b21ce5eb70e2591

SHA512
d63510797365becf81a18811c833b0da10f455985796b73f13e43bb736e0e2738928eca547653a2ceb07b8227c86e63325c3818442db1c5ccf6cbd926f7e035d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f6760762c368e432a91149545bd98ae2

SHA1
5e6472e65434f96c24579029e8bcc5dcb445fd54

SHA256
d9f880786df8876b84eff80b6e36681a54a837d8ca3443eab3dec8529c8d5c9d

SHA512
56e3eeec345ee5956dbb99ac195b890f92653f67652f0e226e7188f63139dccf79143bef4a432053d988009cf68357712db18be484932c171aff257dff539320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe3114dda9bc245cddc3fe25f4df8232

SHA1
c048491e8ae87c4e29769b9dcb37a942f480196e

SHA256
a7bb3b4fb414f7f88ddbfcb7164f4b93acfea678babe6926e56e5adb70b928e7

SHA512
2e6d98bdcb9327ae731013a3cf52722999b5e63d67a2662c8068358ce87323196f56d05acaf5457f1bc6b3d6a2c71150deb70f0e7cc29f58d950c8fa2b9f7106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c1b9fab320c392212ce18c30dea5e5c0

SHA1
28c04c9fce9298a904428c75702b1bcd0ad49b20

SHA256
844058fc7b5d35c87fa52d8c5ccd9bea2499210e357f314649c46cf151ce3825

SHA512
752bea1bab20d2498ea9e7b3e350a0473a0c02198c60a8a60fa0e4913f4ad36b3dfb8908f6d46975be35d6704554d7d7a5a40322c352fbed9a99377967f5c502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6abbf08ae616ce0f96cbb7df42eb5256

SHA1
ef767339e903f3cf4c2455edd044af27493f939b

SHA256
65ed5523a64bd8a3e97ecbd00ee918e212c89e1d4b71fdda93dcb2378a817d5a

SHA512
d80d7bdad5fb05de6d59c0c748281da37dff7f12d4ab2cd096a155c53c97cf7cf237ccdac2bab967873dd203b220e5cb788cafecc6335e4e8f0a632a8d4fe9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1d952c64be8a26d170a31564218d4102

SHA1
14277e351bde5d4725ee6bcfed137c068c17968b

SHA256
15286b354851f73785420a92cefc48a2300b44a0427e13b901fa4308303f68e2

SHA512
4bd35e47ddd94483b3b26a4a3a1e9a20e5db5c6d589b0a40409e046224745e6b71315ff651abc792653088b9c56c1123a29de88e4d8ef633b60d3ca892ba1be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
02e71a944d9dc34971fb4d33e141b11f

SHA1
f532fa147914c3fb680311ba89c12e6b4aa9bd6c

SHA256
7e288915bc53afb497d202ed9eea2e6d62728cb4ae54bb2a9aaacd79be4ec729

SHA512
864b6f84a741a582f6a81ebfc001c92cd322edcb7502f4f174a6ed569ad6a073b8ac2c639f5340609a099254bbfd1d555dd8b745e0a370319737c26d0cd35a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e9ee8c24cd5d650d8da3efe2b75db33f

SHA1
63bfd3185750195ba42e5df0ef1397b7d1f56b0d

SHA256
38035000600b7bea75a8b954417ecf55a4c93b497486a27da90114e02ee13c64

SHA512
add05063c4d1e3effcfa210b94bb84e026a32a215f231d3ee67e21a83995d850024f176ad900b74a4d744d97af7cd682d57f32f15f07afeec75ce49c9bf7ba72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9d18e84159fc9b4b577e95a68d0f0da5

SHA1
cba0176f074de777e655f5b3f40038984cf24beb

SHA256
d2c838ac1ab05df2d418fe68c207902c900afa81880e1304ebe5e4e9572709f6

SHA512
e3ced6f14179d2f3b87fa4ff2a7087f54e850c9bc01a3b85f11bfb09eee5cb47464dfaac448ed7cf95c77942ae0dfee95a9db4ce67d56292184b5d79cff9d7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6544f7e27939705b4d5cdcfa36ee15cc

SHA1
52f6bab758b33737db3d1800c39058041ab8a1cd

SHA256
acb39afb4f356f243afb20abdf660c8d17a893707d99ac7a27a467f1494ef8d8

SHA512
42bf625c06e75fb6fd09b0dbdb274032b1914b4ee6fcaab178f90679f9f035a80bcc212d92a692e28d07e4199ad3efa810d84f38009d35eacff6f945a6c4a0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0e3cbcadc999ebb01be93220d479675e

SHA1
b6e48ffd86f7d6d6e56e28b86d5767af483c3ff3

SHA256
56ff9512fe735e9ba427f042d3ce6e6f282c20129e5c8448c0c9d6fcc1af6258

SHA512
42b556a96f705544d3c991bce94fad598145fedb1e818cfffa3c7593816c1662be5ca8a14862a2f1f2c4f2721614865103dd90ae5578f94b695fdb7fb73a67ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fe5f83323f384de7165fc8abe911885

SHA1
052d73988609bf6071336e2ae61960a8dc256709

SHA256
ee7ecf44fba646f752c0fe10cefc09744c44ab4b985c4317f7a3c86a1ac636b6

SHA512
7b6fbe1ca155f419fb2736fc4ec941fa7bb973de677f319085d3b8cd5b25ada9ad2efbd5772e463524f9c1afb484da8314ed0f0c2ae9423b965f7dccac03b971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0835b604ef736bbd8074b7466324bd9f

SHA1
cff4ce57a3288fd253cc3d86d2299681bd2a3112

SHA256
1f7040ed465ab42b87c0454b72407f1ad5caab22ec83315f861466d373aea2ee

SHA512
d4fe14da099597db99efd9350a43066904aa610dcb56bb6773c3d53ab90c2dea2e3be2d82e3c2ade726273d15fbd22db07e883c81d468f678e92acc53f7293f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cf2e59e97df8a15311b5acdc4d5488e

SHA1
96a3d99ee1c6c62db6b03c2f4e02884e5702581a

SHA256
ef29acfd0fc2d6db084dd76b0bdaaee427e821ac23ac965ba96dc192cb4c0779

SHA512
a722fd5ea3fec63c8259a83b94c47576dfce0a83db22a4c40f0e3a65a26e0cf927f4874b700cc1a28d6d49ef873f3e5011fef0f3b27a61208a409923b7338fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c48aca63da44988ab3bb6cc6db705c1c

SHA1
c481851859ee63b00faf0f102da7278390f1f252

SHA256
05bb6f4b2881c474d14afdb17cc02df0f56274b85732b9a4826242928ba48a31

SHA512
2c0ea9c73325f51c20fa7ef8c73b9a6efebe0dd1c70c914555e0d192b0b8a992b5b5c17c6ff23077b2883ad9a4a47dc1f6832896486a117e30374662142ef0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50143134d3e4aff21c3d95281f95e95e

SHA1
dea609de4ee809e61274ac0d5c3812784ffdba7e

SHA256
2e2bc34b85aa858e9dcef9b577b66f7ad59d3758e6f27ac7693fbffad0ac22a9

SHA512
10ff116388cc2bf2a74b534057dc88ce866635b444b21042c0ccf8155be2a3a73fb904c03253ea209865898a3d47a2afe4c7ac00cc7b026de99018eaf578cbb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cef346fde9485ec38eaee15767a6088a

SHA1
5f5706301ba52ad05b0a47ab5a5ee9061b8710ea

SHA256
52f5096378c9ab1d6435b188e8debd7b70e2bcf225968b362e5c1011e7d6fa54

SHA512
55b385aedb5ee58bf040e1411aa423a0284b605da5064064f7891b1b9ff1682db7a5ea1170450de7ddfe52a971f9fc1201924ff75c7e4c84bc08e871d9bc2257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9dfa61fb3c8b09e270f2345c1e480a02

SHA1
4850b9d052a790d922d7630430d1b14b3206c2f6

SHA256
b2be321a3f805344445c325f48a9f1f13d08c964c0446714ea33a0811621d2ef

SHA512
2b9e20c84fcbe853f40bbae6cca7de613bfd19447f690ad9a01a2fdfc4343de7a286ec46d00c8c8aefbebfd89818ed2b9e73abbc898022ec59d795e09c829949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
077f30f00f379437d2cabe0f574f5f19

SHA1
fb314578074d93884cd10018920a526ba9a49684

SHA256
1e20aa790268327c1e4004d03778769d57d3f0e6f4c719d858a8d1ade5f8571c

SHA512
c50e2c5884807a442fd1cdbd5196cb9c4ce7ed809c9a28a47bc3821cdaebbfe5719408176eef40607fdc68614c8bcb3eec1b85b4b37fdd54df2a46918ad9f73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c51b770efece51a8defc7b031549bd78

SHA1
c51dae90853f4895779b7d3a97f929261ca008d0

SHA256
385f56b5551a40657a86b1dce050c4f821e7498e06633c4587b6219dd1fe9c49

SHA512
889960172f116fe1d5e25c95997257278071708fffa9ed30a07bc600a0a079ca0336425e4ef8562a86f35733c307a6075236248d4690df0b54f3397830c5e02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c4c57b0e5c23655ea4a870fc44c9c187

SHA1
6a596410ce812f8ce38b8f38cb1d040f192f90b4

SHA256
d569a737112f02ee46abaf26a44c4346e60cff8c95dea31eec0e5a9c5f5fd386

SHA512
f23fdd87ccfcffdfccb359f8491acb80fe02b3ebb15187ee2de34c224825021c9d6eba9424c3b792b65c57e6f05ed5b08acd0947d1b3e4de37028cc2a510f5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1331e12c4aee0319b1d0eb560ca1dafe

SHA1
ba31619d592433671fe172f7570933c9d3a3f4a5

SHA256
ff73d164ce4914344ff12bdf98c95c4bd69e4a6baa948704917ac1d54ccd2254

SHA512
c644cdfc483261861dbd38737a4bba88de9d32a4c25ac2593b281c55ef75b47d66378f8082ce02b631b915b0504dc677e9fc1068177265f744ed26663b3cb14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
10a88a63e9638caf5645c400a7c5abcd

SHA1
956a59652bd4d43dd8e654175f8bb86372f44188

SHA256
3cc2f1cbacbcbfbe1367278e703b02ed363eb2b692a876cc213a6337c26d8e53

SHA512
18e1652f4eaf1faf82fb4b6d5244b90e72179d57d0c2000394c8d020a87eb65730277ec851e9d4d14da936a1e1134f6fdd72d3a585596a8c2b53953b0bafe3ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b191c33c36131372d273c34eed20df9b

SHA1
be4ec0453cf468592cca2409d6a0cf09b912137c

SHA256
f14f1c168dcf182894fcd117897bef671e78e5fffee67f7380a67b6c892a79d3

SHA512
3b09b7375ac383e3b3e48bf70e68b224d36cacc7ab03229583a0069250d603233389679eac907002b200a78ca19b9626ecb76cfb51213c5cdef7365aa5565da6

Download Submit
C:\Users\Admin\Downloads\02 OFWF_AUGSS.pdf

Filesize
62KB

MD5
38ab288dd2b1d5aae46d2f1cb8290560

SHA1
32a76299042fdd996eb9e317d3c3505e70529709

SHA256
0cd100a5109e7cb2f13138ec8e78105faa5fb877e43fd679b9c7d8300c9e3c3f

SHA512
986f95067294a61aaa0539f2150abe533ac0edcdcc87795c84f7af2b54a82277bf90490fa499a8f28c2854a957a649038052e156087316287a1cd22f3a2e0735

Download Submit