hxxps://www[.]google[.]bg/url?sa==lmJbUrVkteBSZP6dNH2FJhOeCDu&rct=hsLxqG754BlghK2QJ5HDQ4AKi4wQBZnorbmxJr64rHWGQKiY8vXwNnF7oJmUXVDkZh&sa=t&url=amp/j%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BF[.]%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFt/tt/ttt/opbM7LDrD38iV4bUsCGnwWJ1iEm/YWZmaWxpYXRlc0B0aGV0cmFpbmxpbmUuY29t

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-01-2025 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.bg/url?sa==lmJbUrVkteBSZP6dNH2FJhOeCDu&rct=hsLxqG754BlghK2QJ5HDQ4AKi4wQBZnorbmxJr64rHWGQKiY8vXwNnF7oJmUXVDkZh&sa=t&url=amp/j%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BF.%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFt/tt/ttt/opbM7LDrD38iV4bUsCGnwWJ1iEm/YWZmaWxpYXRlc0B0aGV0cmFpbmxpbmUuY29t

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133813266776165069"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 3552	4772	chrome.exe	77
PID 4772 wrote to memory of 3552	4772	chrome.exe	77
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 2960	4772	chrome.exe	78
PID 4772 wrote to memory of 836	4772	chrome.exe	79
PID 4772 wrote to memory of 836	4772	chrome.exe	79
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80
PID 4772 wrote to memory of 3540	4772	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.bg/url?sa==lmJbUrVkteBSZP6dNH2FJhOeCDu&rct=hsLxqG754BlghK2QJ5HDQ4AKi4wQBZnorbmxJr64rHWGQKiY8vXwNnF7oJmUXVDkZh&sa=t&url=amp/j%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BF.%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFt/tt/ttt/opbM7LDrD38iV4bUsCGnwWJ1iEm/YWZmaWxpYXRlc0B0aGV0cmFpbmxpbmUuY29t
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1e00cc40,0x7fff1e00cc4c,0x7fff1e00cc58
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3440,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4832,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4980,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3100,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3096,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4976,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4884,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4604,i,16720030408045680964,16758724738920582769,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ed53accddbfdf41446e18f66dd984da0

SHA1
f059679cab71a48d6fa09372fc5f3684a6224185

SHA256
7a7e8510988605463ef6c3a6cabf9fdbc587b4260c47981eca6ca1c707852cba

SHA512
3f21b832bbc2bdb9dbc43cb0bcfa50f03a3582c33f50ee2f1ad6bdb9e4e7f6dca6e78e99775171cd62a0ef78a403341a16c18d8954b55d1ea36c9f684f969cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
408B

MD5
d0abdf548b7b4b11c2c34c2b1c65bda9

SHA1
b5002ec903dc4c6f65df1e15ee166d19aab375d9

SHA256
ef7193f0befd82aaa657007bcde6f42dae596d50948a0e96aa10ad3140a17b70

SHA512
46dd8841855851fe5524bc53edae101c2618eea9d7c87e6f73d3399c923b841cf9e3a089eeb0210e526e8051e5e8d3c9fbcb57f8292cca71b0b3609401c1d640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ddf9c3ab6702c78be3b0d8b306b2a3f0

SHA1
f1e504abc533f4fd8d5d4c055f0e71820d79712d

SHA256
1e2e7bef1ce0131f5e15d88e15d6d2a5c8ceaa2f11e29d4b3d028233c689d7df

SHA512
5a61371f17835fa1f6a413212ac70e41cd31203933ed8c97be3d48c8a772d859bb2f700adf634d32fa85fab3decc8d3a0cf9af7eb0e61aece36633a9dd01ca1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0297d493bc0bb991fd1c719111631ca

SHA1
647bb28b6b3af01010cd7618d57502f07b345bb8

SHA256
5f132d9728cb5a3fef55ba18d2e55fd221206fad80d0a20ae613c63208943af3

SHA512
f5b55aff4ddac29c75a950738daa5aa69b98da6cf71ff5e325104625a6f5e1afbba4a0fe6a2dd3053596f21c6d98b560bc6d39afcace3d6e0de9e3d4a3831290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
fbf2ba774bcea545db75978698a1cd0b

SHA1
14d1d489c6a242fe1f9919a380f29f972d7a8aef

SHA256
43195c11d1eb509ab673aa0630c4b23e62e16060a40b0f2271901d51a94c0840

SHA512
011ec230eb2d18c10248254f6ad8510b4752a07b9eec613cd9f4c77523e8e25b6520d4e5cbf481565771e998b5dbefc3d846ef39ed78627ef9bdfbb55bc5adeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb59ba009bd415946561e0607b99b67d

SHA1
d10f831181b42cfa90f085a16e2aee44e274c12e

SHA256
9cb1065c2c08c02558cb259fe60f4f8d4e0093ef9d8a6225574fdb7c33c18f56

SHA512
31e5f92f0db1ed9e1b2c43530879594554a99d95f290cdab9c3bb453b371b2166266751654ff6b6e74e6dff0f6582cff90c8c96ff32174bee33056216b775d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83292699964b199b93daca3e7e8bf781

SHA1
bb25fbd40c27d2e63b110789a5eca496531f9460

SHA256
c34de9a5d2ea486ea3bf3abc0c45927e6aff08e78b3072486f7c53ff1211ea71

SHA512
9381a8dd29bed4a36256a71437c3bf1c494d8627c4b6baf33f3c5ba0f58d90cbf3ab26b85cfc6111e1edb3e5d6950fcf418ef4aff5a8039eb08bfa60ca2d4f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee6fbdf67841d236a2b4217fe3ef5cfe

SHA1
20f2270f997e69c5122f410362d11837237920ec

SHA256
11ebc34d2af800533a9d5201336ad9f73778a61dc50c8f322ed6d8d0c7a7c361

SHA512
6eab5162a728c766c7ef0eb79b9358a449c9a5ec9d61fcea882fed69be6e6bbb71e345218c16dfda0d0f46e875f1b2924813ded8a5d44b66e538cb59a6ef02ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4afd692407ce99e8cf28f64376d5c82b

SHA1
9b9fce313dad6c752400cc0a3c2be47b484b9c18

SHA256
c9458fe1491ea3d599678b5c41a135116399b1bdd08abadf464f339da2b6e877

SHA512
1c28997699e8f231f6e257536a3d4e80953efd2501edd21d7f197db21e520bb62e43160fcc1f7e229063da0cda62c34285912939ee2fff3f9a5e6694c7b67639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6179162b08ec8beb2b885e846c3c7ee

SHA1
21e3eb179646ad9c4f304e62dbbce25acd099cff

SHA256
ffcf393f47a17d9cdc8faf13f3267d1f63dc4faef6c7fc9156d612ad267fe927

SHA512
8910d1dd7bbb9037afbeae14e7ca22b8abdd0257ddca4b55cf43580297f042c037a071e463bc6bc98aa56000b55bbaf362e77bcada974231c7458437e4bca07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be85f8dc5c100fbb49b6a522b444f02e

SHA1
c120edd5666edbac0c4fc81d08a1e61e6d81ed30

SHA256
d2b74c24f793b5b48283314a6f205acff28ee4049fd253cb847b4371d421b9f9

SHA512
52170c790f71aedb98bf14e5d3f19b2769b61d906a9534e78fa08a6a63930de46061205de42ab05658d763b262af0b83ce7ddc79837a203d5e88433522fc8dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44926320b18d700638b725902b59ffd5

SHA1
9a25ce1d2e489d4af65cb8f1f09e58f9ec0fe26e

SHA256
ae88559c6130c7fe77fa5460a6e42e364a44dcdd69ad1d98ec37ae902d59c3be

SHA512
f517a51388b53a8593dc04d8658b11c7ad7b4fb587875d06bf35410a7746ef3afaf69bb11a0b03da9d65912728d6c356e3393acc00c5b42f3d8c8d79e1d480bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b21898468ca9c0ba648b91d84baf9663

SHA1
38f2314153eaa9dc4fe2ac795b9428ddde35d9b4

SHA256
ac76403b6b0f274242d84ab864a7e7203bb9085c4ace65449d055e27a3aeebeb

SHA512
156a82bd5ee91a43af3e191040f346b7ace97078d54e94a20cb5aa25646cf3a9a8501b03b075b5402b3d91ab21c0e1b98dfeec293a224ddda398315c84f9a8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6bf92ea4a99283a6d75379603f203dbf

SHA1
facf5160dc682e57f7b7d590310acf8fcc415934

SHA256
cb93d90bbf1a0cdeb867df1dc3ef472dd6d3d762bfe0a91a1c0f598859dee1a8

SHA512
59a3d96dfadf1659271a71d38fa263a2a3539023b9ea7e92fa2651e86975333d05c481c013dc2a647248910575c4f6cb951ce38015ef79c444f7f674831b4f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f3fe4833019ee63781bc7ade1a6dbb9

SHA1
c43d7373520527292db45b2b0facf590a60b2b89

SHA256
1aad5a3dbf6e601be757955bb45aa1c48cae28154da863411e50b27e6570030b

SHA512
6879c67b50e79d282fae09ca4cb6ad35b13317f3c1c70bcd5ab2f0368a6cf563b8d8211816bef9670a7d64b6d34fb6393c6d319fd9e80a617d319c4020a61bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00cf512496b4398af4590cf2ee49a729

SHA1
c8541a499a9c891079ac289853acb47347a62ee0

SHA256
e8d15ad605ef7e28be28c162c510f81e1a575e5980f1a364e021988d706b05c2

SHA512
f89a346c103e998679fc1ff61484a5436a3d1618057ad20659ad52b4bccfd6d43158eda4b530eb0f1bf2be80e4d95c2ef6154c25712758b9b0b7dea82043ca0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
bf51c354d6322ef53e950aefb3d08a5a

SHA1
f14428136442ad5e42d08b0f89826ac1fc19da6d

SHA256
627b7239c099940c50eb71951bb1a47d3d35bead5953a4f6798851c2758ace44

SHA512
2c7fba928b92f99f79c2bbc4650444294355d66bc0dc57da20f0d3a25a98a498c07ba74cb821822589912510588a7f0be9c2d643fa056bf7efc3292b0fc6178a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
374f39cf1e35d8b1c48e9f7181497e8b

SHA1
f67176719f1f798c2dd6efee8b992e3b9df81899

SHA256
06f31e6c15e29d4d592dcb50047b8a438e3c6b852c94b4f72ab7da05aba45980

SHA512
0d9b759146f1cbb3d957a1f228a0aa7897892831380a2589d844c7912a8e03cb4bce43719f8a5a0f6eabc0332a7f322d3345ebee2bcd60720124dcf5724b2f94

Download Submit