hxxps://vaadharabanim[.]com/

Analysis

max time kernel
195s
max time network
196s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-11-2024 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vaadharabanim.com/

Score

7^/10

paypal discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: lottie-player@latest
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: vue-skeletor@^1.0.6
phishing
Detected potential entity reuse from brand PAYPAL.
phishing paypal

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771079801384403"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{9F6AA856-3308-4350-BB34-C943ED4E0C37}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 3616	396	chrome.exe	77
PID 396 wrote to memory of 3616	396	chrome.exe	77
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 1020	396	chrome.exe	78
PID 396 wrote to memory of 4276	396	chrome.exe	79
PID 396 wrote to memory of 4276	396	chrome.exe	79
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80
PID 396 wrote to memory of 3892	396	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vaadharabanim.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff947c1cc40,0x7ff947c1cc4c,0x7ff947c1cc58
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4404,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4388,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5224,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4724,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4472,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5404,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4564,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4832,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5576,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5920,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5776,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5876,i,16805566374380998950,15867867729061787189,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2620

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
405dd156f0b697f2d0702afedb827b80

SHA1
41e7bd95b48a39edd67e751abf94c92b6617271a

SHA256
a764eb30b54d11ded5b23807bca8dee0a2a36b921de032d8923b11b5eb835e77

SHA512
981f35b0c8c9261a4ad7c6c4cf01c5e062f510c7e58affeea3d541510a8bff28f124a0a0142ced89502b4540b50161d201e61a5a0ba08b7504cb6560f5627d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5b771ff8a1a365aef046cc3df63db657

SHA1
36d8ffa9c124562f54266390d42067b819a056a8

SHA256
818d112562086f3b10932260499b8dd3d28601949dc9975a3cbc649e185ab4ef

SHA512
e0df76e84a260126d1ebba624128ba628139a7200f9edce215b4c79c1b3a2c9bc97fc22df3e66f69bc7f4f128ae437ae35351a61cfc3893054b2d3c56fed622f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
111184aa64ca7283ac781c11b147978a

SHA1
53350b5dcfc3140fd667ecf7c14a58ac68895da7

SHA256
0504743aff3f5b498d0eb89c67768e3995165b84be646ae148435c99652d3082

SHA512
67d8b0ece097c678d765acd65f2757e32b106cb1ae9a2c04a3ad4ded9f769cf6ecdd03166ef5b22d837eefb3c6763d211f2e9874e962a7e7e5db659f5c03c4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
48b2269b2d8ce09b647608d0a25c8dd9

SHA1
bb8b3e52b9f83d236338b33d9a0116bb7f619dea

SHA256
686b5a58c4af79412e701d8d3ea6c1b364b65893937c85f9c8e53f0012696f5f

SHA512
af60d25146c24569f0d47a9a8e432bd102b6b687a89f7030be47b80d1e3a16062e1141122408bc18392f0613bd2c2f0713cb25c5e85b9b90a13a0e88eb70a314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
71792c8c72ba0a25c634b946b87c099c

SHA1
152d0f3b8f3f0db32b92973f08f681cfc8a4c768

SHA256
0187422b97afbc824c257d5dc32da1cf7e9f615df761ae85e1644fbdc9c425f4

SHA512
a88e6c7f829656fe0de12894b918cc3e36b195001662e64106b1f25ba94b7e4295f6c007bdd58cc448d785e175bf6f389f8eac8f42193bfd29dcb389f2e6df55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8a64edb33e278636ceb6fdf043cf5d83

SHA1
ba4911d34b30a5f91b0e70beea64d4d869fd2669

SHA256
8b69b62bf03c30db52fcdf6d65596bb9dbdba195fd4d35413f09f7c46e019ecd

SHA512
9aa414ebf2dbbc2ff6233d2dd8c89b3ace3f57788b9d0f4f74ef2638354df6b522097fce8b6059d4bf6400e26b7c002aedbc848c017eac0a16d97d377c09a1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6aa9009f892819f69f87f016deb0258e

SHA1
11e4470dbee9c7784ecb1c22b0f163d8345cf920

SHA256
e3ae79cd9c5efa6d71cce8b467b919f84ca5aa7d50781e59a27bb126ec10b838

SHA512
f6e652e1454ed0e870c57aa9bffd0a6af653fccdbe9be2ed9f05e10826659c5e1c109ee4331eec923e9289a8da2f98bdfaa2ea91447a6d37f1acfba3e8f5b585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
af8986d8e95eaa3639c09123c08d62bb

SHA1
81a205de4e95130b8b6814f0238100dc8fec3982

SHA256
7eebc06ebf933cac74755b9d9d31f1b6c1f98d9edd630ec02b2ff6a552674072

SHA512
f6a31a1dc2e4cba5d96cc7d70ef97528e145180e499c471c8791a207ede0f3c911555080bea10bcab7f132734dbc3b510d39c79229f3ffbcd64437fb2b8c839b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
177e69a99f458251a6566fad67b49042

SHA1
37d30cc922331c72ca13a27f8bd2087eafbb5a87

SHA256
ab73e53b9daaaf0746c71aa3331be42457555d72d817dfb5f5e724608809ff92

SHA512
bbcaf202f172dadb7e41c50ca2d882d8c48eab82ef5c0d76f3570b80eff8d16020f8f92830ee016bd45bfe712f2cea7ca2dbedf02fdb3169b049bcb2c07091cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d1a909c59891ce628d544c7385a0f8df

SHA1
179992efdbcc4ce3d7eb10b8a8df47e6e645b357

SHA256
8435a4cb68504c411cb22d6e5652c910236b61ca4cd8cc7584d2a88d04ecbc3b

SHA512
6bbd9538d8b165a8e5576d72f9b1dfc751150d05f4a40beb39373232675907a472cde568f1026f1d353ce54d24e955d8e744887b40599b4524bc019f13be212a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c27d667f9cbbccdd1c5c559f14eea4ca

SHA1
c53dbeaf09634706f6fba2ec5375b8903cb4091c

SHA256
328624ed4939e0463c9c8aafdc62710c170a3c0f01ec65d619933618dac70c88

SHA512
bef8d45abf2878d54be5b4414dc09e4eb1f3cb40b96fdb437dc1056b7355a34f7637244a5303f6a34891390efcaed7a783b825d8a883101741bf8b41dc33b6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12facc1603df04d3ec065a550fb86be2

SHA1
95589d463a7676fe1a1d915dd556b7b893e8c621

SHA256
abd4244b216f3eb79bf18623dd8cde429d1cc5c16b4edcf84b0b2c4f5db7ba59

SHA512
3df71e5f44aa6a84717e6dbaeddf9c8cb5c1a0ad0677b3bf37bc34446632846166d59777abb7a8ad4e219dd35bade06fee49fccb673efd85316333f46de86a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56bd0c62995ca4822ad4cd21f2ab1fca

SHA1
267f2015d3e2ec9342ce440999580a7d1dfd6125

SHA256
b953be26893c7d032e39503a02e980c907c1b3d2af29611f8d73d95f829e7b01

SHA512
d08e60469106be5b4333602526f43459638d1d2051fee895f0a504dfdb55ee0fe4adfc4ea81a38ded048e5a3ddd996cf512810c82af75b412b9e5afb8168b0e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b548993eb63b39f7168cfc9da6a4edb

SHA1
fa226b2bcc61bccadc0bcfe1ecf0f579db20c4f3

SHA256
1912356d5638d243840f33d6ccd79662c59bc72d75b75228e5a6ba4516853349

SHA512
ef9add43ff32097374e5f030a2f8bb9183c78d4d6f6c9139a54265a8c6e9cf1a71df75312688a99976a2bebbec851c784baba0dafc6a2109e9dd76556c04066d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a04e778fc5b39fac55c2d96cd58977f9

SHA1
0905fbb047683162af3030b0ec5417c4630da15b

SHA256
073de24318317fa2c19284a93d572e10a90071850b8526fe5d6578c18c4d0f9f

SHA512
47bb235f42f9977455d677fabc843bc6bffd52dbaf0039dcbad3d602c1fbdfcc0a53cefdc5595ec076dd8712c1e564d9cf5c9248bebd4ecd3e23689ccf178f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92735bdaea29585ffad55b8556484be7

SHA1
3b263b8cdbd20d4dd4859e676018e21a38d944c6

SHA256
c5b86f0ea8bb52a3b1084b3dcfcd9298e41253cc45b683bf327f789a018c29c7

SHA512
4c6a358963de7459b1d0a0c58422dadd04409049849e6e1741fa6a9f0b34267f3856fb166718aa3e7c2275b6ace64ff8e98d7b77518d895c5e49541eac85ad6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b2b27ff4166a5476a6caa303f604801

SHA1
2984341cdc79665df5ad2d391f087601d2947f8a

SHA256
279fc6a7236fb940804a1f0f6ae866ce1ed87a46ab8b9200008d181b3cd8f8ba

SHA512
a369b9568103092fe6ecf04495297650cde78a5f59e46b468a5800aed285d53507b754ac4829d400d38f2359168d7a1f10f1cc7b7d719e2dc68f6a427106c20b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b392337a84d39d0dadfa5797dd338eef

SHA1
2a0f58fba0684544227d3ad7d08a6146f14e110e

SHA256
aded8765b93f95c3f6708299f21427cfc4661dfff9869d234f488ebacf9145e2

SHA512
e306d3f4cd6036ccf7febc3975686573def871733d21f4f4b389f2b0e6f04125a169736c496211d1c8122a3e05b0c42a1b9911882ad516243ed65a01fd1e7d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55054da5e732356b58bd2b2d321a4380

SHA1
c66d14584355588f3775e43c40fb4ce55d12a8a3

SHA256
e34334b93cc72011074702bdcef9e816bb7e6c22f47306eb738e2013426976bd

SHA512
47172c92887fe38ab82f711c4de4fcc7727902b6f9f71cf93e477ace4a1cdbdd17b6ea737f67bfdc7f1d46284c1250406ce4af75eef2d2c439d7dfeaa61a4563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89bc042c9173c09cdd75a01dd4ab1a48

SHA1
bdcdbaa81e8986388d0e0aa5b4e6ff85f974f24c

SHA256
f373826166b12db613e8e4f17569987c4d54a28ebac4232ab46a183785021fb7

SHA512
75625d0470b59c0304c922b21abf6ede24f83ecb75d0cfe497d91accd67f6c610e2257d4a831aac766f53260999d4497f4c6444d97d4e1bdcd38b1c6c8751152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f89b247aa5b75ea796a3d67a2115dc5

SHA1
e3f2b761af541e5449d216fe06f7c0cbf7754ae5

SHA256
59033a11d37661ab762a354921ef2d3db12ff887814f274306eb587727cff9c9

SHA512
0339c477b877bf8548417b9ad784c117082f55f01ed981d439204a64ec624468bbc67aa28e5399e421c3a26f6237188358a0e5b46e4ab3436fb4308566ad8f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c1dbe6cf189f7fde35c0d85e41855fc

SHA1
a149f1366ed3ef46e110f610350683ceeb4b6b6b

SHA256
cc2204cf56b1acf90fc17c2783d14c8e8f6f9da25868d4e03139e0bee35d2f12

SHA512
0998ffa15af55db25b532cdd4e5674635fc664fbbd02948e84c50b1d5c634e0997d336a1e9a13edc959102de8c44b327c4b6f8b734e8d443c2557a11a28f1088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6a7a6862ac178ce7f332db12441fab8

SHA1
1275b2c54dd7266c4c1f80f26b152e6e5e24021c

SHA256
00b995007c719def853c8d2b5f6deae0e82d7b65e928abb91fb666634b82abaf

SHA512
6b923ce41e9d769ecc1542397831199b9a687e71fed17372f1864faef7ff87cad41e0ff105ff6b7bb243a86e05527d0303826d8058a7d5a27e3b7af6c49c63b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e240d64fd8ff36af1c3d384213d0c01d

SHA1
acd0c1e8ff22797a20622bd9153d0e355a177995

SHA256
8de14bb596683acd10c314cd83db304ddb6c6a3d5f3eb998b0972ab01e65ca8e

SHA512
599947c4d29f9234bf477142cd5d50484ade0f43f5c86a4cf47d70bddc2d5b229eaf5fa752763cd229f60db38a82eea6ca3e681f2a1438c4cc0b1d9f22501e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0ca4eca0861f9f56218e5ee028a7f43

SHA1
9137b49b93d137ca6f138eea2be0e659b3ec18b3

SHA256
fa2a1ff5e76e20fe2f0f1a3fc0028028e1a60fcc01ed09950083f30e23072408

SHA512
54b7f601fa410e32cff6d519c3a947af9362886b41ca6472f2c4c44ce2acd311f93250e8ce835c17819c5302b93e9804b421926c447a4fd87ea72eefce637e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
843c5a313741c8013d7a7226598b1f1f

SHA1
c5a0eabfacb6d82b82198ee3b9dd0f72df93462e

SHA256
095d2db8595517a825d6e40e4f0eccc95d366600899e602dfaac72847c54a5fd

SHA512
5baace7a5b8573315a6c1f1a64a52e5d268eabeb679ab922880509a9ad3cf7ba40c7aab84c45abb387554264cf4b4fc41e73e9ee9256cc4b7f4a961f9e3c5de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2ea99e17661145ddcd1bb744524ae289

SHA1
1cb81155f19223f84d9cf25f38a506b026e715e7

SHA256
c1cde26c3f9fb56db3ae4cbc298955790cefacf7beb079fb3a396ce1c98f8c39

SHA512
ad88cca942e9dabd836fdf1b7be8f57d89befe32a96cda198d7b6766c1e2340334e6e0ea857405cb8472924e058827ea89b1e96860eef1988a45125209065824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6a26b29d71cefa6a8c8f4857bfe33e1f

SHA1
2004b1c269be7ca46db25cb3f6441fcfe9cda970

SHA256
5cf740de68e76207d02f01f93488099cce00d77058af01c17aa799d7d1760d7d

SHA512
95cd4431438894f1a7e21dc473c8abf20c25d31349125b1f400014faf43424f0eab6aa3c21583675d0e9fa4bf8e913fa8ea60914a3aa5b29c43a5b8b9acc841b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit