Overview
overview: score 9
static: score 8
30bc4934d7...f0.exe (windows7-x64): score 6
30bc4934d7...f0.exe (windows10-2004-x64): score 6
338fdf3626...13.exe (windows7-x64): score 1
338fdf3626...13.exe (windows10-2004-x64): score 1
342933cb4c...20.exe (windows7-x64): score 7
342933cb4c...20.exe (windows10-2004-x64): score 9
343ace5874...03.exe (windows7-x64): score 3
343ace5874...03.exe (windows10-2004-x64): score 8
34818CE171...49.dll (windows7-x64): score 8
34818CE171...49.dll (windows10-2004-x64): score 8
360390_crypt.exe (windows7-x64): score 1
360390_crypt.exe (windows10-2004-x64): score 3
360390_tree.cmd (windows7-x64): score 7
360390_tree.cmd (windows10-2004-x64): score 7
3896f8a370...e_.exe (windows7-x64): score 8
3896f8a370...e_.exe (windows10-2004-x64): score 7
3a061ee07d...8c.dll (windows7-x64): score 3
3a061ee07d...8c.dll (windows10-2004-x64): score 3
3af4fa2bff...d1.dll (windows7-x64): score 3
3af4fa2bff...d1.dll (windows10-2004-x64): score 3
3bb691982d...21.exe (windows7-x64): score 1
3bb691982d...21.exe (windows10-2004-x64): score 9
3e3f980ab6...95.exe (windows7-x64): score 7
3e3f980ab6...95.exe (windows10-2004-x64): score 7
3e3f980ab6...26.exe (windows7-x64): score 7
3e3f980ab6...26.exe (windows10-2004-x64): score 3
3e75e8238a..._2.exe (windows7-x64): score 6
3e75e8238a..._2.exe (windows10-2004-x64): score 6
400cad56ff...9a.exe (windows7-x64): score 9
400cad56ff...9a.exe (windows10-2004-x64): score 9
40b3cb2a21...0c.exe (windows7-x64): score 7
40b3cb2a21...0c.exe (windows10-2004-x64): score 9
General
-
Target
Batch_2.zip
-
Size
6.0MB
-
Sample
250328-vdc6kazry9
-
MD5
4b0434ee95a7ed21bd35a7824360f6e6
-
SHA1
595bca71378490bd11db6237735c4ab524b43cc6
-
SHA256
8b0f9d248e67199bb7f1a778a03e4caee7d267e61d8a7d70fa1c1f6d7944e96a
-
SHA512
1b35d0d0304a52a13d41e0ed979fee45d1b238df7a0ab6d9ee590cda33da4c4bceb44c2bd567763eb54e893882853b81aff42a2386b8b1c05c7dcfc07173cf4c
-
SSDEEP
196608:KpdJTVD7+Ts66FiucqX0gJqSrjj56onVjnqK1prd:cdJV7+AKucqEgMwXoshTprd
Behavioral task
behavioral1
Sample
30bc4934d7e29c8c4c4c9be0510fc7558fddf8db666a0343784c5cf1587b3af0.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
30bc4934d7e29c8c4c4c9be0510fc7558fddf8db666a0343784c5cf1587b3af0.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
338fdf3626aa4a48a5972f291aacf3d6172dd920fe16ac4da4dd6c5b999d2f13.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
338fdf3626aa4a48a5972f291aacf3d6172dd920fe16ac4da4dd6c5b999d2f13.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral5
Sample
342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral7
Sample
343ace5874a5854858e11e6c196007bffc045717ed29db9b03f23d01568e8303.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
343ace5874a5854858e11e6c196007bffc045717ed29db9b03f23d01568e8303.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral9
Sample
34818CE171EA150B91429AC1DD6FBE49.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
34818CE171EA150B91429AC1DD6FBE49.dll
Resource
win10v2004-20250314-en
Behavioral task
behavioral11
Sample
360390_crypt.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
360390_crypt.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral13
Sample
360390_tree.cmd
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
360390_tree.cmd
Resource
win10v2004-20250314-en
Behavioral task
behavioral15
Sample
3896f8a37034429e9784d767765d85ef6dcde105320568516fac4e31400514db.exe_.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
3896f8a37034429e9784d767765d85ef6dcde105320568516fac4e31400514db.exe_.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral17
Sample
3a061ee07d87a6bb13e613e000e9f685cbffb96bd7024a9e7b4cb0be9a4af38c.dll
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
3a061ee07d87a6bb13e613e000e9f685cbffb96bd7024a9e7b4cb0be9a4af38c.dll
Resource
win10v2004-20250314-en
Behavioral task
behavioral19
Sample
3af4fa2bffaab37fd557ae8146ae0a29ba0faf6d99ad8a1a8d5bf598ac9a23d1.dll
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
3af4fa2bffaab37fd557ae8146ae0a29ba0faf6d99ad8a1a8d5bf598ac9a23d1.dll
Resource
win10v2004-20250314-en
Behavioral task
behavioral21
Sample
3bb691982de416a7a4e57b91211e80bea82dcca7b4bdbf25c0c80451dc138421.exe
Resource
win7-20250207-en
Behavioral task
behavioral22
Sample
3bb691982de416a7a4e57b91211e80bea82dcca7b4bdbf25c0c80451dc138421.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral23
Sample
3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_Dumped_TDS=4FBA3695.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_Dumped_TDS=4FBA3695.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral25
Sample
3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_TDS=4FBADA26.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_TDS=4FBADA26.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral27
Sample
3e75e8238a6bbd8817164658696198af_72889f61171de37d6b4d59016c55ec52__2.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
3e75e8238a6bbd8817164658696198af_72889f61171de37d6b4d59016c55ec52__2.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral29
Sample
400cad56ff3d210346cf6c4795aeb607e5b211b3dc4a8421b9437621c254239a.exe
Resource
win7-20240729-en
Behavioral task
behavioral30
Sample
400cad56ff3d210346cf6c4795aeb607e5b211b3dc4a8421b9437621c254239a.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral31
Sample
40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c.exe
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
30bc4934d7e29c8c4c4c9be0510fc7558fddf8db666a0343784c5cf1587b3af0.exe
-
Size
184KB
-
MD5
ee041688d36494fdddf710a3ddb873bd
-
SHA1
1a93d78c2b2262c02e1fffd54d3f5f4aa8400b76
-
SHA256
30bc4934d7e29c8c4c4c9be0510fc7558fddf8db666a0343784c5cf1587b3af0
-
SHA512
c76e2b1bcdc179e358c159c87dde5c185cdec3659e7c33db686f04e3845547ef489ce600a51e99e10b26b0d33fbdca25edf2e1b9dbb81d4ed7f845c9167a17e0
-
SSDEEP
3072:zsj3FGQtB/fDq/8QJ+mkkk9mADOS0WlbEJV1OaqpEZtBgoh1vErXhcKrWfyB:gj3cQtB/fFQJekHSLbAxpmcKrW
Score 6/10
Drops desktop.ini file(s)
-
-
-
Target
338fdf3626aa4a48a5972f291aacf3d6172dd920fe16ac4da4dd6c5b999d2f13.exe
-
Size
6KB
-
MD5
f297544a20bda66ee6f98e3dc91060c6
-
SHA1
3e140a5df3161ff5d3935b1139275e07903cfff5
-
SHA256
338fdf3626aa4a48a5972f291aacf3d6172dd920fe16ac4da4dd6c5b999d2f13
-
SHA512
3f626ba5a5153a0a0a0d7b09e810689f5c79e9d0d017bb639fbc18b3d0c052ad179bb994b4fb25f0030c06bb8b741819620e65622c6bc47584ca24e2520c78a7
-
SSDEEP
96:lia+ERqIgNI9X6xIzKSnjeKk/GJi/T9oCN1GzNt:liauIq/SnjC/VpRQ
Score 1/10
-
-
Target
342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20.exe
-
Size
1.2MB
-
MD5
a393b9536a1caa34914636d3da7378b5
-
SHA1
5aced706d9f6a0bb6a95c8bdf1e123485219a123
-
SHA256
342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20
-
SHA512
4ac4b2c2f87d305f3073f79136cec44cacca296f75451c6d67653b9de4a2b871409a11631e5ff5d76478c3043e5f47040e72e2f86db1536079f586c12ebd42de
-
SSDEEP
12288:2CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgac9Q9bNHTQx:2Cdxte/80jYLT3U1jfsWakQpNHTQx
Score 9/10
Renames multiple (402) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
343ace5874a5854858e11e6c196007bffc045717ed29db9b03f23d01568e8303.exe
-
Size
510KB
-
MD5
565dacda99cc8d28d3e650b4d85e8d24
-
SHA1
6c5f2ab498ae16332a3863e45d35e47e1aabe001
-
SHA256
343ace5874a5854858e11e6c196007bffc045717ed29db9b03f23d01568e8303
-
SHA512
534eeda2e7c99ffef2bf023aa3f68739953ecbdfabcd57ad41af08c8c563fe27f7f8be04e80bdc2904ed0632984968551ddb107917fbe6dfc7a0e704af313946
-
SSDEEP
12288:M7iBDowvTfS6ublBri5g3D7eJit/mUZ5jI0B57g3l1TV0:/EkStbjfdteUZ+0BQ7TV
Score 8/10
Disables Task Manager via registry modification
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
34818CE171EA150B91429AC1DD6FBE49.exe
-
Size
170KB
-
MD5
34818ce171ea150b91429ac1dd6fbe49
-
SHA1
765f7cea9ae6e126181e5a78b897304913530d4d
-
SHA256
502386cb2288ce85af522da55916b5a05c71d9a32a80cec396bc4cdd0e0ac665
-
SHA512
e44b009eef9710787ddf63d5038e15112969ef5ac952520f772b5ab78dfe57c42f7562044642f573c9480c76569ef9a7912cc5cd1b0472e4d61c25e79a03bfb0
-
SSDEEP
3072:xUiScf7Taa44mVg6zMe4sfPZfE8dreM9aSW3OKojVbc7n4CRWLvSFlp6+qvv1:xUUm4mG6zwQLaM9aKjRg0SLlK1
Score 8/10
Disables Task Manager via registry modification
-
-
-
Target
360390_crypt.exe
-
Size
2KB
-
MD5
955fc65f54fa12afaa5199585d749e67
-
SHA1
b4b401f7ce39cdc1444c7505206f22e2d8177336
-
SHA256
286f57eb83302eaee7fda4836e4197136f7f9de0b6e4ff3df7649e3bf2f82389
-
SHA512
d9b35e6e92af712586424228986b9a45dea5ac1b7e54bcaecc6b24d558589d4fb1976c66f11de591be2855b0900bfb0b111bad3b0c1e81f62387f1d3f725245a
Score 3/10
-
-
Target
360390_tree.cmd
-
Size
15KB
-
MD5
49163792f3b8c4f62018670033e9fc82
-
SHA1
f2d8da51a9371cebc0fd41cb3d86f3768e791fae
-
SHA256
4637c6b332d640450e7cb3ae6a6b0d7d4451454770699acf364d855e28805267
-
SHA512
2fd7a02da20ca41c27b30f272bbf3bb186187492fc927a9dc8c7ea36b22c9e8ac6906428cab27eb7f907a21f352a2c7ed6ce60e48e0d9c35238a71ee8be6efad
-
SSDEEP
192:iJCJ+JGJ6JaJeJWJSJSJeJ2J2bJ6JeJGJiJiJ+JmJ6JaJeJWJSJSJ05:iIU8Ao8Ug4UMcbYM0goUcAIcUg4C5
-
-
-
Target
3896f8a37034429e9784d767765d85ef6dcde105320568516fac4e31400514db.exe_.exe
-
Size
516KB
-
MD5
b2b0e6184b82144f65389d39f1eadd0d
-
SHA1
17311fb1fb33da5f303ae30ee7b4b60b80985d2e
-
SHA256
3896f8a37034429e9784d767765d85ef6dcde105320568516fac4e31400514db
-
SHA512
d1abc2c74aa2bad9ac8a59c1552904e6d65717786ed7a193c4fcda23218371bcad0953848f1e1c5b9df50a86e2549c6da35c6e372366826dc25f042107a8babb
-
SSDEEP
12288:j3nZMhJ+ubNmzdCanVtkEY70mOpFRxd/GAXl0xtiNe96bgRO:j3nZqfbkzkcvElOpPj/DA2+6ERO
Score 8/10
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
3a061ee07d87a6bb13e613e000e9f685cbffb96bd7024a9e7b4cb0be9a4af38c.exe
-
Size
831KB
-
MD5
093e50c2d493f7300abcbfc4ed40c955
-
SHA1
8ffa33374b41c1ff4a209de04badac2c51fcd081
-
SHA256
3a061ee07d87a6bb13e613e000e9f685cbffb96bd7024a9e7b4cb0be9a4af38c
-
SHA512
2e086b06c64c610971e804365394b6e1607eff7036ae43dca7f49104086c2a57e1a8360959e3ffce6efb034044a3326feb3ffa7331ee5993ceb92f8f1ccf1166
-
SSDEEP
12288:DWvcsSHPUCdmmBeBCvxg1AcqY+4w5sZLZWp9VR3kb5L+s5ENOeQiV1Li/k6Xm:eummBqaJG7qRGLeYeXV1i/kS
Score 3/10
-
-
Target
3af4fa2bffaab37fd557ae8146ae0a29ba0faf6d99ad8a1a8d5bf598ac9a23d1.exe
-
Size
603KB
-
MD5
1a81ed9b043c7bffb1177a4d13dd8065
-
SHA1
c47711d08eaa7dea7299bc205b86e99dd3c40fcc
-
SHA256
3af4fa2bffaab37fd557ae8146ae0a29ba0faf6d99ad8a1a8d5bf598ac9a23d1
-
SHA512
b5842a22df1c77c49b86e348008b8eeb8f295d6b34f93c0ed8ea1b0edfdaeacb2446cf952de7b2fc7a5943e22495caf3f68f893809919376642e91103cfcd041
-
SSDEEP
6144:QuML75oIlCGJPY2Z2AlptXbgz0+Q4odCGfTnpbEdd/fudqsa0jucQgBMacCGNoEx:koHEHblpWz0jPLhEfgP6WMDoEOYQwfE
Score 3/10
-
-
Target
3bb691982de416a7a4e57b91211e80bea82dcca7b4bdbf25c0c80451dc138421.exe
-
Size
205KB
-
MD5
458c1cbd0ff849119214e739d8815f37
-
SHA1
64d26b1614693f15bed6bd4f4d2a6a35b2c4bc9f
-
SHA256
3bb691982de416a7a4e57b91211e80bea82dcca7b4bdbf25c0c80451dc138421
-
SHA512
695f17ca034f7c894bb87bf04db20a2387f144ade77188f497870d3711d0871c721b86327769cd393366b162229ad649671e111aa5b5b80d676156f47ededd08
-
SSDEEP
6144:JJOIZvsEy+fDjKSGXwLfjFU/coiqilMi:JJOIKEy+ffKerjFtoiLMi
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_Dumped_TDS=4FBA3695.exe
-
Size
72KB
-
MD5
facdc4646b7f1876349cf72d6490f1d4
-
SHA1
27bfa893b2f73ed61764a2f2f3bfa0b03b5f76fa
-
SHA256
fef9c6c514e2ee00b96f6d33026f91080e43ed854d3aff103826d5063c9e7778
-
SHA512
8a8f08230ced45ed6e06351ee5c2ae5afe2e52a7a0284fbe74474cb9aab848a5e4226d041f4c3d50ab45c855d627e5e581a4fb66c43ace6c4ab092597985aa4a
-
SSDEEP
768:Fchho/bbYYwktIZwTUtv3h12jG6hdYWnXAjpWTbBbIKP077hPsxPaq77tiy/r:KjoDMYwEINR8j/Yu2pqOd77hPxy
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_TDS=4FBADA26.exe
-
Size
52KB
-
MD5
ca61cd4036c218e8197896c5b97515dc
-
SHA1
26520452eda2e766052d35630e59ecf7ce8de629
-
SHA256
9118d694540722bf703ae0b0e7fdfd5d04878fc289615bbed9aeea524535ec9c
-
SHA512
4528291fe2a96ede9a886b579b40923d7d0951b59e6bc51a397db84c413854a213a68e0abe6c0a4aece80101167527f2b1cce0a08c5ba2539de9a0e0c1cb103f
-
SSDEEP
768:lGUGWHeFkc68dT0Ju3GBZJBATs6lV3jWpG0R5Kb8AD:lBJeKO10JWKCIesPrK8
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
3e75e8238a6bbd8817164658696198af_72889f61171de37d6b4d59016c55ec52__2.exe
-
Size
244KB
-
MD5
3e75e8238a6bbd8817164658696198af
-
SHA1
3c0246b41063f5ea26de9d96301774836270eff3
-
SHA256
669ae51d73a3fac117ec39195efb969cb41a16fadecfe412ad83b767b25ae2ae
-
SHA512
7e0ba0eac7395162c071fd21bd9b525de6df25067c01dbda28e1d33072159b9c4c40ec87e52e9abe1b186aaaef36f0de728f1849f566fb4c2d42a620da6d65af
-
SSDEEP
3072:JrwLB3HRdkT9MyJHT+/PBuZqWq6aIDMVV3dWklykCbZx5:Jrw5HjkT9MyJHeBuZh3DMVNbykgZx
Score 6/10
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
400cad56ff3d210346cf6c4795aeb607e5b211b3dc4a8421b9437621c254239a.exe
-
Size
1.9MB
-
MD5
b2db12c684763da2cba50c6346376ef5
-
SHA1
f186ccba2d7566968b8d14552e7dd3e6898c35f4
-
SHA256
400cad56ff3d210346cf6c4795aeb607e5b211b3dc4a8421b9437621c254239a
-
SHA512
db2be27e5bc919bff1f8c58b9d66a9767f15731391cdc1a185755016b17461d8c7c77b62ecace75cc226011537a0dc3de6e9b38fef5a1f2db20d0bebc203abfa
-
SSDEEP
12288:uNE0rbJMurexwCPEbA0RgxegWWDeNNU1TH1wd6PO:RxSb5REjSNIVwd6W
Score 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
-
-
Target
40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c.exe
-
Size
268KB
-
MD5
12666b5054cc0cb62cf758736340c1bc
-
SHA1
0f9ec608413918adef409e8e97612b6e71fd1bc7
-
SHA256
40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c
-
SHA512
df49dbcd1f2f0bf0d0129cb4e5dd343fc9fba1b46a7fc24db3e1fd560816ae86e79c360873ac06c62876051f622a9a54a327c3aa3019ecdad4a32f9dc9a68a77
-
SSDEEP
6144:1AZMCVtysJu4wCZt953XCWSntmb6IEACyoO+:u2wXCBWLEA5n+
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 2
    Active Setup: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 2
    Change Default File Association: 1
    Image File Execution Options Injection: 1
  Pre-OS Boot: 1
    Bootkit: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Active Setup: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 2
    Change Default File Association: 1
    Image File Execution Options Injection: 1
Defense Evasion
  Direct Volume Access: 1
  Indicator Removal: 2
    File Deletion: 2
  Modify Registry: 8
  Pre-OS Boot: 1
    Bootkit: 1
  Virtualization/Sandbox Evasion: 2
Credential Access
  Credentials from Password Stores: 2
    Credentials from Web Browsers: 1
    Windows Credential Manager: 1
  Unsecured Credentials: 1
    Credentials In Files: 1
Discovery
  Browser Information Discovery: 1
  Network Share Discovery: 1
  Peripheral Device Discovery: 1
  Query Registry: 7
  Remote System Discovery: 1
  System Information Discovery: 5
  System Location Discovery: 1
    System Language Discovery: 1
  System Network Configuration Discovery: 1
    Internet Connection Discovery: 1
  Virtualization/Sandbox Evasion: 2