hxxps://github[.]com/kat15/NANOCORE-RAT

Analysis

max time kernel
402s
max time network
404s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
14-02-2025 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/kat15/NANOCORE-RAT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
73	876	Process not Found
44	3700	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
42	raw.githubusercontent.com
43	raw.githubusercontent.com
44	raw.githubusercontent.com
45	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3244	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133839761380614821"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 3012	1436	chrome.exe	84
PID 1436 wrote to memory of 3012	1436	chrome.exe	84
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 1768	1436	chrome.exe	85
PID 1436 wrote to memory of 3700	1436	chrome.exe	86
PID 1436 wrote to memory of 3700	1436	chrome.exe	86
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87
PID 1436 wrote to memory of 2176	1436	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kat15/NANOCORE-RAT
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff93171cc40,0x7ff93171cc4c,0x7ff93171cc58
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=1884 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4996,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5180,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5208,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5512,i,17177753057980495914,7471699653094948162,262144 --variations-seed-version=20250210-180233.097000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3884

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Njc4MUM2MTgtRkRDNC00REVGLUJCMDEtRDU4OEFDREE2QkZEfSIgdXNlcmlkPSJ7MzE5RjAxQzktN0UzRi00QTQyLUIyNkItRjBGQjg4QjdDMjNBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzFBMzlDNTQtQkQyMy00NDU2LThGMUQtMDM3RDA0MEM2MzJDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzM5MjY5OTk1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM3NDE5ODgwODMwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQ2MTM1NTQ3MiIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b66e688acb96c00452e46f6e5ed63bea

SHA1
dcb50594fb2cb3550b0b853a6b0386f8cc2dcb56

SHA256
316673e5c504e54416d1f08db1e519a1dbfefb99cc9687a6daadeead67606393

SHA512
69617851c945df0a09433c3abd640cc78afc8ca879772e402b2e91d32e382e39353ca845147549cf61e6bd82370081f0a5f8ec7f6b1b3453e0944b9c8d0d9014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d595bf8503641509565d7c6c5aefe369

SHA1
c4012fd4078da2eda4b498e32c866e0c9f100765

SHA256
74c892684836ab27effcbb2821cd6eb6a034b7309a1fc96bd19436a2aa2bf916

SHA512
9632ebd6bc927737456da807638b96986980f813f427b19e50e5c0b756505ce128b0e24a16ec0e87b08a1e987a554fbe6c938bd4c9abf5680ab5c524f2551f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4341d73f8bd51ce994ff5131f180a461

SHA1
ffa843975c595e0fa51343d8b4ac0d5953e05835

SHA256
4a07507e4fcd5ee3127a1ec87ce13c04daf8ab08f9cf110151475dfdca415f63

SHA512
68f3dae7bc7a2b849fe678f5c34bee06a9f26a6447aee0b8b7a14c66fc4e4d1c4be36cd9dc181cf8af7ea5b6932ecb1d67e08d8d7676a301b64f5578891d7dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b3be9248269e0efa0cba58c7d977424

SHA1
68f967342e485d72a9b3840aa2d3029f36f9c43b

SHA256
292620f9d7bd306c2f804dacfe723d8aa48ba644c0cfd9b4c0eb7e171f7c1f8b

SHA512
f5da85132f475b8c4a74960249b8bd218035ca7eb2f65cd15b72cccb7c36904a3db085d7499ff01562511fb5b1cf748f84a27e5fbca42af3caa9137252a9081c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2cb4b3942bebcbe1e59506b47f978f1b

SHA1
f05c583ed33804660f61b3234ffe2bcfafd55b84

SHA256
b2f3b9956e107830706f4980d98a36d0a90c61b759c183857e2b17bc2991ccc3

SHA512
be52621a135c93579a06df827354888ef9a795dc75fa8d355fd439269b1f88e9c3ac89196b4e964cd34dc360afdd99c6536c9b2181faa3f5d0e6f472220b05ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
407cd36871369579d94158064dda8e71

SHA1
e929e7c830e351985a4fd89ec953fefe4595ef02

SHA256
bfb4e5acca2d92cb799429a51f4406974627c2939540a74968f2c44ced18bcf1

SHA512
6e6a2ddf2f91c6ca1c1205d3944f6dbb7f9c367158e7569c7c325fec334a4602e92e6841ec9f9741720d4bf53865f28a758dd3629f1f9e601b608a33f25ad24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85b00c7e163af0a3734c6e89ea078a9f

SHA1
a57368877d06a373365fbad6392ec2f70e64e1e6

SHA256
ffd63e3072f35a6cca47e8a89a4ea794eb5951982a22cf0c9cd9066d5a395efb

SHA512
6fa5c3b9275efaa64704c1c28c74e663ceca2a0eb57035b98c819f68d6f7770591b29532bfe0891545bd0c4fac98b686308be2613f7340986e1962fe0227c97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aad177ffb608a1290424f3a240ec5725

SHA1
e9abfc842fda3fbcf029eea331c81baee4aeedc2

SHA256
2e868027bc2218966bac2a0f7fd946c0577793c45b471c938559780555e21f2c

SHA512
d666886bb6c703a5667b3b9d17f31c2b39357c768e7ab7ae9991d50a144360c5300da78c21398d1cadd61573ddaf9ae70d535ff838e28da96eae6595202f36a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bde3c8c682233d5483bf62a71d34512

SHA1
7a8fd90b149898e3224a7036bc91f72a688e8da8

SHA256
fa52105e88f74a92d12725a4d094507c202da15527b6e27b4f2c1f13e95c94ad

SHA512
da16544565f53fbb235cd06c3250e767f46954ef1639fdafbf7d36ef4962c93933c5d9629de8c067a57a2d2872e8e4c925726c00294c3cf26f5057d7fb8b3522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d74ecf96cf04b21ace69c1c1d485482c

SHA1
4f888c5c985acbbe0f95e3a044877218b9f84391

SHA256
f83be93a53a22c1479f9f0f910ff515582f9306ac88c594c2b7400b6e5b98a72

SHA512
6deedcc9dbb6c5dcf37a76c36309aabb125e1d6338bed03e5559a006c066cb6977e188e723eb344efe9664fa7921fce488f71fba5d29e397f23d2949ddf082af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69d7d43984fb7d2381d5066612612781

SHA1
a9a2acc8b35ae8b9e94bf032777b0dbdd35f7a96

SHA256
298dbd4a91fe7265dce7d8027e1796209521a81e24d9b03a16da59fbf67b6241

SHA512
74752a14bad8fd2fffcd1a0e67f294370d7dcb39cdffd20231468f86d01b846f1a790a704f0209777fc889282db09bd2393d4bd45956628868888282e75d370d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
539100c8126449bc8e3c1ab838fcb910

SHA1
8573f178fa8c0bb84e53ac49383c500bb3f250be

SHA256
84071243cb3d8c6da2d33ff429632fd722f17a78d9523c0a40f692e01375de84

SHA512
5a259c9bad77046eac9375dbe8bb64cb690a0bb59d7dfa4568053ade515b7d53e5b0b24c0657ba90353ffa762f66fe54ad8e25ad0b20e6ee1be00a905a915e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b596df4940ab9633d43fb77c9804dc25

SHA1
66b94105255d021deffd2aa999b3f65d0d92b88c

SHA256
d32e1c048f7b70b08de66e72ee6d5a8c9fca39de9c98724d0b011fc68a93fc98

SHA512
997de7f746a9c4933a8690fe382d3762a54879bf11d1763971698cb38fac5b8bce8f53a0cb8c951cdeb76122fda53c4d3c8e7e6905e5d5de52a4c6d81dbea99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2a36e9aad7ff306f9c3ca88cf2a0cec

SHA1
1cd18c1c354b41a7d26db54825243e249b84232a

SHA256
2c9ceeb1f9acc8b7dae2c8d883b2046dd0a09b630a895c76d2b7f5dd9179ff1d

SHA512
29cb311e144ebbbdc108a34981054f0a65bea325bd814df7b08d9e2de7ff093c002bcdba7ccaa41f48038134e0662d502b942f4d6fe25ef107409b5cc38ada3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f337a60947b4976b4588c9295bf9e1bf

SHA1
c5144d16f97c1c5c803e6a44ac11512b0e5641d3

SHA256
0e0fa43ba0cd2046e31673f7df122dcdd144a1dd98188f7f0375ab86150f4834

SHA512
13aa520d35e82457dd8250a5f9ab616c49621b4dee4a235feb66b6a340ca16faaed64fd8d83310e380f566bd0e61b4f420932ff52619aed81c9b09c6606edddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
313dba544996e27db3a71a846557671b

SHA1
bfc42cf313b60aebd0ee8a31d7a6864ecd364192

SHA256
1932bba5056a1347b0a330efd8b326b92fb4d8b0ccece8ccc07cb0e7cb079e69

SHA512
7152f69f4769aeb6a91b2aec486dc257dd8eae6061447a3732804bab628fd7f65a2b37cd4dcd9757bd016283d52a2344c1529cf18db69ad4d1b509198bfc35e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1fe6dcbb681ec13c8f5f540747da2fe

SHA1
4a0ed8493c4122f299daea09a30cc48e82f4f8f9

SHA256
2e389425466e993bc643672c7d70f81d6ba6bdfafc7775edcdc70bd31cbadc05

SHA512
ad6680ebaa46417bf342d688c067915503ba604b1555326e94e58779eed0cf60de97842b9f180a86233a1b8f83412f4c7f0488d35481c35d20bf74274e3728af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3c33560bc7954758b7b305e1625b755

SHA1
a6f89fe6af2079f7773fefaa504037b9014c9510

SHA256
03d4b412ddfd0b32f5401414249147d63256275f9e3b95be5167b4feb33b84ed

SHA512
8a00c1dfd19bde8a9ae73b2e9ecaf0699effae85e4b4205f2480a412c3301fe868e5e77b89247b476b95a5f9eaf1e327289eddc69e466455276f71a0cd0b8bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd0e7ec4aaf353275756e1f6b2787918

SHA1
defd5b96de345018e9e2a73f5e24add289089009

SHA256
15da75fd339a17fa341b32ac2e1a900083605855d8688663e205292bcbb25cbb

SHA512
570e033b14f83a50342b6eda720be4986ac17297dda8cb6ed0ffed67ac0d58012b201600eaa9dfe168b64fe5cc0ace3fc95692af172e1b360106a508b7d3f7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1849addc2468f1a885f10fce87545855

SHA1
b5e694bcc48bab8bd561f5f2a2e7a0a56815d9df

SHA256
bfe790cc968233ce46767ea29fbf13cb124751410314683325c944c16a8a01d4

SHA512
8d1aa2d4b2bf74635e2684d9edab3a9ed3467d433165100059fd49f4a292c528c390004c77baa3cf49d303e2f3cdfb4379b1b180cf68d10aa7731ea96e3a9204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
755881075501287b6ba1578817d87cde

SHA1
ee4199864962af514b56c9f74b232f5c6c739452

SHA256
11b2c782c298f910065b3b84bced87523c39285f3e0db2ec815c2f5a861b019a

SHA512
7a9e0c0df6baff43670152d64dc69819bd37479c4499e5663429eb529f30c58a2bf8da32d2264b964d1430dd9bb4b79532a6b69f707101e61ae9fc2167b36289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb325d5836a580b6eb84484178cdaa73

SHA1
45421dc69d3f324ef0e6281c6691ae232780e9ce

SHA256
f3b09d55dac4d9e764a0c90ad6cd86b10b9c878f8de57f3a777b9e2965fa2c7b

SHA512
95f178daa5fbf6117c3d4696d19d20846caf3fc61cdd8afffe043c05e1adabca9e6cde944312035459da698fcc53a5547d4ce16616ab817bc31df5a57dab5eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1edfda9df3a63deb085433cadf5353ad

SHA1
f620cef8e90f7f618eb596126a8d823691d4e5ca

SHA256
4ce143421c758543c9729da0ebb8990969b7f7fe9a80f65e643ae5e384e7d93e

SHA512
aad486bdc55c33c3f6f5afb1ec8cdb9546736babdf0155fdda12b68d0d761839e694c38a92ae7bf931b9a35c9ee190c4815d8df5c70f398b2b14a120d1d801b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6be5abb6f6bf577917a3ee9d06875629

SHA1
4c3dd65ab6edf4a0f5d5d489b34fd1cff9fefb09

SHA256
f6ddf19531110670fd86637411b8ea57d0c1e4b06d2f2cde0b0256efbef81e39

SHA512
87c778c8f62c262e50d8f13ff939d5cb827ee5c4bf4f7e97f661b1aba3f9fae99051e7ebab4d1d45b84d9de1715cea276e53d368309f1e041013e97e144a13b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7caf78aa4962dfc8648d4a6dc03cff13

SHA1
f307e27aebe7b210c8416db62b2f4e2a3ba46ea0

SHA256
cf93811d3e17c2c81e3ab92e9012696fdb2c6eacb3a01848d615356067b41a40

SHA512
9216ab97ff8a30135f38210faa028ffe82c53c3bde017057f7a631036624e67408c71b93c9d146a83caedd1105a9e2ae76e88a1b4bc7b98e28e13cd3a13c0b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd87446631d23d447461f4fcbad0d328

SHA1
9f2c356cfceea27e260ad20531e45226b66fc549

SHA256
2e05d63f6e8902245cc2b975b0e2e3a9c3e239d463b7d0c50e59f179f66a8b6d

SHA512
57ff57afc5b52b82e3bf6e45fda66887c8ee53123cf17e5f01215b2df288207573a18e4b2ee73d110e9405ac5971aefe1c3ed3b60bda5e595ab47b4725b5fd9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8269441a2af6f04c86ac28a73c698bbf

SHA1
7f6054e10207f7554a6c5268e1fe2f286fd3c2c2

SHA256
3a0560a5531dd243e404f6716498c9da79be28f655f22515ca9762df4e7e9259

SHA512
2f53582802baf9dbfdfde463fb9ea1dbb8ab7153ed24adab8915e0a3c1f38713904965516578780d3a526a574b2cb62fb8d69c16b6c58cb7e00e8fddc3374cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8a71ecf57e501bffffcf64e7dea2b62

SHA1
2e832b0b8d66ca0ac13e0efc1c22b77b9e125d67

SHA256
2204acaefbd740f1e3a5fc445b3c84f4b84010665f51c7e287068f77bb2065d8

SHA512
2aeb4776bd113cd0dbe7eea2cf8400f2288601b2d1d6b49b5e0f0ec3885664d2932ee18ee53563b9f28c386e70ac0a39d0bb495aca064d96051aba84e8aa30c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
e7abb1adb4fc3ac1641f61bbb9a26c02

SHA1
87e32b82896aa25ac8b9f250a0e5c49b89c8450a

SHA256
541f5d45b13d8cf4468e4ee70023301cb1ea0ecbc7703467d4f198db8033a3ed

SHA512
c2298069392e5049d26440ef18293186d56d58a76f75ddde397b2196b58696bd6e02efe9144d395aab4d4f63a7f433df8da349c7e53d8026d0f59d234e676b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
d4f89912e337087aa87cf3ba77b8bfa3

SHA1
7de21ac0e826a3ed8def3905a659de3522fb4842

SHA256
7e75800cc1c4d4fbbc1df1bbf7c2f343d51cc84b0136398269c3fe48e01ad7cd

SHA512
d768774257a906cfac1ee1cdb3c4ec2875695ced3a76e8dea8dbd1e8e7cf1a372898330522525faa836e360c6d2f27de03d41647d0a2398f4ab5792ea76e490c

Download Submit