discordrat | 4f108611be452635e169bfb8849711088e6a3199d779563b9cdbe4fdc4b2cd09

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spicy pics ;).exe
Size

78KB
MD5

10e250b8f44c5ec38a51a856493e16b6
SHA1

513445d4e837225a27b3eaeb9c7965e517f3d9b8
SHA256

4f108611be452635e169bfb8849711088e6a3199d779563b9cdbe4fdc4b2cd09
SHA512

24b13f1080af4d38e6e9b7017fb94eb23fc6254505ada4a83178624c2a848c7cd1fde093c6a2dbe0af5b920003f108db5c3f0bbb5208262b738dd82058050cfd
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMTU4MjM2NDcyMzM4NDM1MQ.G-FuwN.gpQY1-Zqjvbb29Mt5kTMhmNWTBMnnzHCXU5EXA
server_id
1301657933876039711

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796396019624951"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3180	chrome.exe
3180	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	528	spicy pics ;).exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 4484	3180	chrome.exe	85
PID 3180 wrote to memory of 4484	3180	chrome.exe	85
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1556	3180	chrome.exe	86
PID 3180 wrote to memory of 1004	3180	chrome.exe	87
PID 3180 wrote to memory of 1004	3180	chrome.exe	87
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88
PID 3180 wrote to memory of 648	3180	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\spicy pics ;).exe
"C:\Users\Admin\AppData\Local\Temp\spicy pics ;).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe383dcc40,0x7ffe383dcc4c,0x7ffe383dcc58
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:3
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3872,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1956
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff741204698,0x7ff7412046a4,0x7ff7412046b0
    3⤵
    - Drops file in Program Files directory
    PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5300,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4716,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4000,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5124,i,15628831042195610377,6699236411384229191,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0e6ec30ac3bda5f8765de6e97a653c8b

SHA1
db1ce05649dd2dbe3666230c242e9896b50238c6

SHA256
992378707d202eebd1737104e42ff5d10154af40a10dc8e57a3966ffa2def620

SHA512
ab5f8347f32bed6709f32c887de16883161c308bebc219c9e22c7e1d6332cea85620f6a4806a95d14c197a6ee6cd3249da7057fee7cd4cc05bf043b4ab813d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b0b6bc72587d77152193022732b5cf3c

SHA1
22c97c47592e43364df3d1c98258ee1e4ad00455

SHA256
164ea5c6e451ef9b01595c2af87a6937d89beee5c0fc333dcf19cb3d7844a032

SHA512
b785219c08c2482d2665897089ea4d27eee929de654e6239e8a2dcc9aa96fe67b9fd05d8ef9c99bfb823a0de5fc2f22661f57e4b77d8dbb0c4f5c3906f89e2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a8d6a8687037a6d8c4d29bfe5d76bd0f

SHA1
064973c628117ec49b59d515892e3907f87c5989

SHA256
7f41afac44b837d865cb1270265a341b1af5b6c1b7cd0ac57832c53c11774631

SHA512
cf4919d687fc4dd6c4e00b6f826a9a0fe5b6615a74b0687589fc371271cbf8c834a12fa0783512cb5d9e878290eec6370a439f10edb17ac4955e47c038eaf247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
59d29f3092eee0f6715856faf5cb082c

SHA1
b8b9a997c24039573e380119207940a78bf43da6

SHA256
c612458c0281c1a214fa6ab0e1a753018dc74f5349260b5494c9f0ab33abacde

SHA512
72d0770dd4fbdbab21315ae919f5234e00507d3dd1adfc0fd453285279f56dbc8c1faf74ecb50b1c7222b9a1b1ebdc8aadb8873b933ab50ae6aa3c10c1b88646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33d2d54cc63f02507ac5150aaa3196d5

SHA1
0e2f396ce3597fbc60187c94dba89f2c08ab3992

SHA256
d7097845969371a108e5184189e79f2f8e03224e4b2c4773a756b3e3088cad0d

SHA512
cb4d0f64a1baf147d7aa1b4a1af55c49c9aaaed6ac423b0b6ca76f44bc786492a8600579620508aeccc1b5e701a2c16a3bf23ea6215a6f9b2bc5419b2ea36ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d93d31a7da03391e5e77db8ffd7dc904

SHA1
0f0c960d2df25a9ce81b29fe5521b6a0f4bb0eae

SHA256
290580ec0f349133f4880cc8c405f0316eaaa0a9386b0673605850d374b0b72c

SHA512
0aeef45c663d873874fc6d4ddc9c4ad95119c68c72567afe433edb3129e7ee353652ab5eb0886607d4be30f5f7556ea5134c8b7a1e7935aa3887289dfd917547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b04a206b3f9a0f8afd12f71171308f3d

SHA1
3739e68c4ee93581bd9c5180201c87ea89c6519b

SHA256
434c646030b3effe6cb771af6404ce5fe82290972499afe92c67e23b3d5e6217

SHA512
54fcbebba7cc4b7865dca2f733b46b700be2351276b2b94e0d4369ab1e22a2ff160e7737d68724b2c55aef37dfb13e44fb535a886fcdc8fe3dc157d437a3d123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36b963b301a9dbbad7a6319fb1dbf5ed

SHA1
a55d5251e514606e55c374a12524b495078fe149

SHA256
b7c9b3e523594070e2c162a1bc28776a009ad9de411686a7d57ab18d23dbd3f0

SHA512
8619c80f78c98a935bc7fdec917ddba21e69c79f9ba52379e955e6482df08090c87e5012150252a5a82b83300e8ea5e6270c66590d8875cd2686e53434fb3074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f44275586e42114f7d6377f392971b66

SHA1
1707ffe6015c51e8a7452e945675b227c37225eb

SHA256
f7b19efd61b9c5b75ef9e8b2fd7329ace576b282de7c81ef63bb0a7dc9de6419

SHA512
5abe9c5b31eabc0b35a1c0220c038705adfc1f58c9a86d9891333305b4ab3d92f411938915ad4c9bd73cc64c88d697563248d3a86d81561f9f1af443cdbd933c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79c840bb8d707fd93fe471d0049abf81

SHA1
b49a56cad0c9ca01804f8410ce41c536eedaffa1

SHA256
d3def1ed0e8bedc4b1173d68557ba78b0f5b9d0d93b704417c1c224dd831afb2

SHA512
4c9f7f6746282731a694f5e9c9bdb97c2e9e26cc1168b54dbd7ad3eece1e873c80fa139a0f935f5f90caf80afb7bf404f798e8ef002aa05885d6fed373ce92c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f1e937e3180d931a651626f5ce66ee5

SHA1
1de9d4c7abff720762714fa65d71c9bd270779d0

SHA256
bacde8b41eb509a6e8985443a31c7e8a9f80c265b2e0a9dfaaf1abbaaeb484bb

SHA512
11f5c3a7fb4d36a741821940ee46a823fa1c17554d4516643acd94fdd756090872a6d98ee29d92d425536a094cb3fe694033e2c4a8f081e406615d5ce202087b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67cc9301328535957c32616995228245

SHA1
e09d851153d578f87e7c89fdec070b599b8cd00d

SHA256
3b725c3118c1f397d4f09e63a59d4bab4d36a49dafd71693dce439c40cf8840d

SHA512
8ddc993440633710909efe648363fab85f3c5aba9678c889847ba4851d292168d1457839d332fdf06feccf63ee8f7f10128247fd283791fa940398f7b8b73740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f605d67ba685e829c1a0e50c042664d4

SHA1
cd5e9e00f7ac689efb846dabe7e8af739ed1d1ff

SHA256
470fab2b69672d4f3211345f56efc1c9483d402c7ec4eb583447205e019dd7a7

SHA512
f703c7bc2566ea87e606e364f665cab698c7aeb8e7a1bdf25596211b324e29a41b1286989df4abd48ee76e0f58e9762b39c6e93e317487c75b56792cc844a83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
71a7d60697eb7070aeac180420a5e3df

SHA1
d607a0e19097b75c416895cc773e98b5a446313a

SHA256
1220cabfdde3861f1f42e4489b85cde7be3abd1816236264956aea6088a30bac

SHA512
c1aa0bab01d09250e5bf2a176ff0249b44869afbad7dc5e5d2f797e9b61ad7cefb7b7dfce30dcf53b0e7b137e0e2a41108b754d80ed066e896e02ba07d786c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4e36dd4af1b245f402c3c32bdd71402b

SHA1
c3946f2fb511d0c864878e3f0edbf4f49ab6edba

SHA256
5b4e7e6e72509abf8e9945f70665792a4629db21700dc0c1e26c91b1cdfb39e4

SHA512
558d5c6b8647033d8083b0ea7b1c1fab6cdd58e0275efe473917a72284c1b36e23679ab65ec58822eb0b9da3be3f4eab196b41515a2b57badbc5155b228d9f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8f523fd752dc810aa22bf60922e417e1

SHA1
165ec0c42210359531878169d9cecc3208cdf499

SHA256
3f7d9e7e98bc4fd2978dc067a60da13f0efce56f1d25fc8f4a9d2fdf643516ad

SHA512
be62d789f1a261977e4bc6e977d3ce7a7b9f0d3deeab018e346ca3a29f2b0e6118826ba68fe069976703c48bef107860e3905dd64dc169331d44a87385e8a55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
eb9ef33cf02c27b141b8f2c5ce5fb459

SHA1
58573601d2cd532aedd5f6afb34a8765547ac065

SHA256
21ff95350dc949fac45a73551c61a8644586f63680ede074450246355c4dec9d

SHA512
4405e0912ad85e6e65c64c19cc24d1ee5d6cb98041ef05fe58d78f3c1e40b561f880ffb80d46414a0969c6840152c14a7086eb16ee0660175ed76efeef07b005

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3180_1924519336\39b6ba74-e030-4821-8e14-1e6105831a77.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3180_1924519336\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/528-0-0x00007FFE3D2D3000-0x00007FFE3D2D5000-memory.dmp

Filesize
8KB

Download
memory/528-432-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download
memory/528-4-0x000001D633660000-0x000001D633B88000-memory.dmp

Filesize
5.2MB

Download
memory/528-3-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download
memory/528-1-0x000001D6187A0000-0x000001D6187B8000-memory.dmp

Filesize
96KB

Download
memory/528-2-0x000001D632F60000-0x000001D633122000-memory.dmp

Filesize
1.8MB

Download