hxxps://oceansofgamess[.]com/kovaak-free-download/

Resubmissions

21/09/2024, 13:41

240921-qy7hpavdra 3

Analysis

max time kernel
38s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oceansofgamess.com/kovaak-free-download/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713996883293450"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2276	2816	chrome.exe	82
PID 2816 wrote to memory of 2276	2816	chrome.exe	82
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 3924	2816	chrome.exe	83
PID 2816 wrote to memory of 2288	2816	chrome.exe	84
PID 2816 wrote to memory of 2288	2816	chrome.exe	84
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85
PID 2816 wrote to memory of 2252	2816	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oceansofgamess.com/kovaak-free-download/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb500cc40,0x7ffbb500cc4c,0x7ffbb500cc58
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3320,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3704,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5192,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5060,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5436,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4620,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5428 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5184,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5680,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5580,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4948,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5644,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5828,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5016,i,1579498251815646216,9533803945481496277,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4552

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3580

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
489acfba764050460f26bc518746d80c

SHA1
317eccb8458f8451ba060e477d264da2ebaa7f43

SHA256
c6290bbf4865a06a2f20d51d5e281df75eb92231d25f778375fe864186a54c94

SHA512
929ca8d04b7976ad9e81c5c4f91ed23f106acf82d9f26a171a5e93a1c72115053a814cffc1f7f55ba40b44990ceeb020ade77a155131f7d93b15566ecb79c704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c7992ecd48f657db8c704d7833a9cd6c

SHA1
fabc15d404e2a29a90ce06681c3ab049aac0be9e

SHA256
43b90ee7d885614dbde24e0f13c2942e983751f3a735a4ab682406e776f38f67

SHA512
3ed4921f31dbaeac6323cce78bc784283c4fed5cf6cfb0ddca2b89761ad09da68675a52086085c7cb98fc749ecc52e9731d7d39f8da0525752175953d0e86d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a3e3f7058ac8eed3e848a0e0599b086d

SHA1
0c6a6e7a52606ca499398f9efe24ff7b85ae820a

SHA256
b51e636a83bd6a6c9b6b2efeebe6c9435090de0c26724771b2b20ae8132d4992

SHA512
d0b1b9bdfa221f5b600da94f0754488f5a39e8a785dc0119e650beb4ad2c17a59cdc6d1de0d6fb3fc59374351346de8393cc9b62268dc9b679c2d6bb71988fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2849a089d31c9715d524682128c24f79

SHA1
ab56a712ba502020e279cf14597eb48f3318a6f0

SHA256
806498296510a100b2b513fa2fec0f818b7705fab3e6dbf788fb552cd4c5dfee

SHA512
ed581c30412234012e0377342c97035dfcd3cd922a534bd1854ed11eb736be9c25ca315a95e5fb33b29efd539831f00ff59ab1c027513db6b7dceea4d802e68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4a03581da5dac84f3ea6b6613a499733

SHA1
357654a5d53bebc9b1bb98d9b4452308dec0c157

SHA256
d58efbb44b4b8e258b075828cd5518a295f39d382758452dde9b39ccc2b0710b

SHA512
115289bbe8502b92a81bc458a808346eaf3dd00d04aa1f2957cafb835cf2f1494bcc07e0d237f8ecd3633cf5d6fbec061893bcecc87e7c824cd19a3a10b0889c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3515287f5936c17544ae2a4017b330e

SHA1
133c71d6fe46cad775af9d5f9fa4669626b98d98

SHA256
c6a2a9c7e62463035dec04fec7c8955b977eae06168e93247975ad00be458f44

SHA512
0c78cb6cb4e39a9da247d6c9720aea645d91982133fd6ce2dbd6963536c4c7c89750591d944373b8b1c844750537101afe7ddd7110748ae6e3f25c0e35ca4ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51d60f7ae31696ca82413d4777df1ec4

SHA1
f6c5fa0ea187bfeac17ee3c0473839a3ce532402

SHA256
02fe60fcee1731e772cb917fcc811cbe58ed31ddbc97c148a9be96264031c341

SHA512
7a28cbe520a1c1443474f95857698070abb970916f36367230bc3d7e9e1d156a823c128fa7658bd1cfb84b75f8fc7159b064c2275e015e3dc929b8f39be413fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2fb97d2ff767aa9844ce72f871f331f6

SHA1
22002c5c131a40e02f0731d518993dce24272fb7

SHA256
03cc6e4771f1c4ece201eeed9cc27dedf1be778a206f9d735de89d997e8cc752

SHA512
b1864473f3cc612b60d1401433cab32df1fd80da49f962c809c5cef63e9ffd7046a40e752ff8dcf03ecda4111bf55e1d5a602943bfb345cd01859673c7b29396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3bb8bf118a4b1fc22acb0eb27f0361cf

SHA1
f88817592e1eeee79ae7a7706a2522e2db53d34d

SHA256
a4abb596f805c8c64c312637af38b715aba036428a53b1dfd5b34ff1c4e61eda

SHA512
867ecbe5348a66c1009b56035729f4fe33cd908281ae7a2770508127e2ddf532b412cc6a85306ad02366951c72386f8d39cf7da41f4ef250a29c8c54e8db9e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d64c5c99d86c5b655d2754ed150f1496

SHA1
8760fac6c0da7c153e281a661d81d4e53aa700a4

SHA256
390169303e30f0a3b49ef1b03e521435e02536ef0ce753dbd37f6bc6db6eecf7

SHA512
d8e0b04c60d96f0f52b96f2c795dfd305146bc947c92fbc101c1e48047c13eb5becfb31f9530231de8bce734c8f5531ba0cb1186db1ced8f61887da6f275886c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
732cb152a976f23d7f63a85aac5e31f5

SHA1
a372f2c084e49a0df82ba5f0b814e739535a1a91

SHA256
b12ce7537978093a1bdda6323cb3bbfc462907be15acc0670b189c6a95c3f219

SHA512
fae5bf10a4b32201c06e2d9310146c610e4dc35bcecc786114d0ddc2a48749ec1f5d3dc6699befbcbfba8ea2686d43893af1a83805b7ba0b2e075ea8eea12035

Download Submit