ed96caac4a2ea5f3c8a295008cde2cafa667820254ae80a1cd87a9a494f0c739

Analysis

max time kernel
464s
max time network
461s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2023 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

paint.net.5.0.2.install.anycpu.web.zip
Size

734KB
MD5

e89beda41843c048e1ac4272433daa6c
SHA1

24137615dd6eaa6b465aae19966622f1c6be85c2
SHA256

ed96caac4a2ea5f3c8a295008cde2cafa667820254ae80a1cd87a9a494f0c739
SHA512

30b2c62cf1468afeb8ee8578dc7ccdf5413443bb1a010fec1813c576678a178349e66e4d6a0d00c209102ab460f33e7bb031e0ff1d686a77bc05dde6be2efb51
SSDEEP

12288:kR9mWOYb51N5r+pA9bvWlJ20xg7HWlAq3MCYLuiye+sCC2IcxM8uIcxff:kuYb51v+kzMJOYAqMCYLu7U6lyf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133217053061200019"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

824 chrome.exe
824 chrome.exe
1784 chrome.exe
1784 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

824 chrome.exe
824 chrome.exe
824 chrome.exe
824 chrome.exe
824 chrome.exe
824 chrome.exe
824 chrome.exe
824 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeCreatePagefilePrivilege	824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 824 wrote to memory of 4436	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4436	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2876	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2492	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 2492	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe
PID 824 wrote to memory of 4520	824	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.2.install.anycpu.web.zip
1⤵
PID:3640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe74879758,0x7ffe74879768,0x7ffe74879778
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:2
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:3420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4208 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5252 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4596 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4516 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3408 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:1
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3400 --field-trial-handle=1812,i,17382484788026063323,1520807568380955720,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\349e3d11-b2c2-46e3-bce7-6309b6c10fb1.tmp
Filesize
140KB

MD5
f6e950d395c41737849113a913056795

SHA1
d5604e2fe028a7814f8a2de46e7afecb31817317

SHA256
e83c31ef816d7492e9cb9c79689ceff172d2bb9ffe90281a124240afbcf9bb11

SHA512
2db6ab706bdd8fd62eda68589e69e3d1324244f2308d8b202c1ab2381338e5ee84737a107f06aab2007240884d33f99c974e55bfb33d2f1c02c79a98159d573e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
160KB

MD5
7f27adb1216e4ddb02884fd68a1ec297

SHA1
a33a85dfc58ca995fa184035b8fdb896866c361f

SHA256
aeea36b977f073b902c2c5536b21f43e931fc2ac5ba3601db228e686457e9bc8

SHA512
c1327064f05a62fe28f99830a33ad72b36f9345bb1c7de779461febfae5eea985aaf4a67f069f0e2cfec74b72b3f2d61822a4ff6689ff909c0b9d13ece5ba724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
7bd897782141abad5108b7788e8cef92

SHA1
12838c4d43d5d424b597120e28056cb712874a13

SHA256
36bec56cdbcd42f7a7c7f692df16ff7a02ff44a02720550e1aaadd06047d4bd6

SHA512
bb7e988785215d346d33f1be9adc416249b108f85fba606039170804d4bb0f2ff552c012c89aaee8fa62703d246c0a028617a483d79781dab3bec980c60b864e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
b4076c2f714f0569f6182dd4daa456a0

SHA1
0db9a75e413a3134fbc767eaa6abdcb5207f1c49

SHA256
a4d49b1207ca4d2e87162ca2a132364ec803773f167e2870f1723df8c5a57415

SHA512
4f42dc803a4efab77b4170e568c1ec3d349d6c659cd8340512ec05aa3459ebef3177b886d62980608c026dcb95687e7ab72532099b137ed76d4ade9a1b24d891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
0b177a5a91676e48cd83071ab9f0d97d

SHA1
fdb2b0a6033afb74f05013e34aaf8ca4fbc0df95

SHA256
6b7848059f90a1c4303932c0f2427160f18a166a2551c34f9a8b31d6b1c0d834

SHA512
ca74c999a4879cdd78205196453081d84122f5e68bc226405027e5695581460ba994beab7663073e068aab5a1159745c8e585c7f9547bf4fd0b4ca3d5fc3a4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b337537b8685109412de697cd16d32bd

SHA1
7b0a49ec949483d89627ba043035dedcdfe85b89

SHA256
18d88d30021b7d863811e54456d9626dd83c848405daceff082582863faa0ee8

SHA512
b2162daa56ed7fa03d89a56e7147f7080cabe2460d7486c6166dc042c5b27fe0e2eae537e39824b5b88ee50f5932c220580431dcbc4879fc15e24d475bad28b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
993863ffed4c1b8d6176ccacdd34f708

SHA1
12e680bf99c5452bf399503d29da49fed20e43f6

SHA256
5981e2ac6ff34c7e672611929dff97ea21fc084bf15617081f3c0a592dc5ada0

SHA512
622bcab75cbb375b54576518579e4d35ab1f1b17811a03e1bb6d37a6bb9d4f026ca6ee54e279aecfa363a7e04b897f4a66f39899e7372568eb6921c0c33a5d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b04aba75e9f5f55a576ba84d1761e519

SHA1
b61c49f85e201f513649beb6641f87d6d6133615

SHA256
15f0325c17379ad33c38cf5a51fee4b66257b22d7748e26ec2f65f3dd879148f

SHA512
8a17e6cdf44cbb89fc27142abb0bdb4ee1fa0403944cdc46725706b8e62986af83e5b2723d89899c79c28877a8e6a6acc80d7a8fb2e30b60d6a89c01cf857204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9a0666583cbfcfab9c2a25a0a2d7f985

SHA1
a5ca02b8b9f9e639ac6cd0df62c855b648580e99

SHA256
11da76caf88d3bd9bb0c607830a620de8dae6accd1b7100ca139c0c7b05e0da8

SHA512
6e86b0ab5d725fb094b1f2fa85b49e702b4609ff1abcb58e5f4e6f819b92c1f9bd999e6fd523dbdebaffc3335d6088ff3fdff149674de5929147b76fd7f1ed69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
2577862a1867acfb996da715b1d3d1e3

SHA1
3e3e860b0c515a0e6c5154ade3aee1e8f4f0bf72

SHA256
ccfbe7bc8804f70ba086ae2295b0ebc2ddac1ac8f4485b4c03381b384a657a3f

SHA512
84c63b51e5aeb72944107c8258a322a1c55a743259e7d35eb0f9075d1838a46467fd72c0a199b9de806e9a29099cace41de8d513bd49f16852b8f630b0c3e251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
0ebf391671916bcb3afec42c0d891898

SHA1
785c0cf33426b04fc3d1330bf812e9e8ac31645e

SHA256
069328ca1a901455ceba803cc5a7f4e6623b61d9eb4f60cd953db9e0f4aea140

SHA512
09407c5db964ba5a675f99ee31eca097b1edea21f9d6abc918333a35c59261a2ec69df10d1c290c60e3f6037fddaaacb740bb3d567ae13fe1430a23f26a9b7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
0487198f41c6211ef2dc71f2c0e64923

SHA1
39e3019058ba4cb68c0c565a035cb52f45465434

SHA256
ee39c068d96d5e8e70f364d9271950f6afc963b4822c045eb32a1c78f5b767a5

SHA512
101816f3d08288bd462bf0b1a0703bf592144335c45da2f666cac1e92db50c11d7ee5242fd379e3ea9e64e07ca5a0772519e8c8113fcc0ee940045aa687eb8ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
bce7bee2591a4b9a9a579eea30b3723a

SHA1
061f1ac78bd278eaa1da622abc05d789f141a2f2

SHA256
fba7fbcb522389e15c461cd242d93c28fe40a04ed5cf8ad891eac9df09a8e163

SHA512
9fd868e4873839f39200e07a35e73f9cfc3f8f7f12d1f882839d132a804216eb6a4fb73444cdb4a4ebcf3d0195e0cf74e7acdf44cf85263a9de840a4e8d52a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
fb8e85723df804210943d043809de07b

SHA1
59488c99a087fdb23807f6ed7247889717ee8044

SHA256
f9b32246cde7cecbd12d6cdf0a9ef0fd6f8955da8f220574a2325ce2a93553cc

SHA512
38080ca012dfb80b79fc09fe1c5a0538a7a68b133016f54190812a44c452dabe5621a0e181ca1a501c76e2b00ffb6853aa16be8e323fc5ada5314e86d20074ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
6aa381d1f82de9a8845ffce73f86cbfc

SHA1
c3805628a5336538ac1e93b5689fe0e55d3bd081

SHA256
0b29e9ec8ce06bf76e754a7c6f6cca5fef958348c11d7d93ff3297c53553ea9a

SHA512
e9e21341b33ad214daadb58e4e283413a587364066c9ef4d7ad722ce4513559a983ae5f94e0d11deb9956b12735e5c285904a2a18528f1b8ff6df528e01166da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
359fd58948cde3c9fb6be1b45ee366b4

SHA1
c8736d39767cb9e45297e4eb6f185848187b4846

SHA256
a273836f36e90da57380574b2f8c05595e9bb53290ed44b7b372123794b9ea26

SHA512
ce1eab4d6c18018e28d70d2dbf7960f4ab3c25ff0507ada8e3df54ec29a4f5a9dec36141455d03d349f2e0ed6076d4aec9f4ef71f2286f0d349642ab676dd92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6c03c304079689718593f0456f0f323e

SHA1
82f8c1b36bcb0de40b654991c7a40a3e85671c5c

SHA256
df92a9ed3c7da3efa953ef7c8965f696f6e3925675d44c253021a3324154f379

SHA512
ae5308cd12c080ae70bc0f097c9a3931c5a28909a2ae1da25f5e1efb0cc69c3ebf9ba0d33f8213320c7f71cabaab7b66ff1f3707776b82b3167688a4d7057736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
36c08e802ac1a51a5cebb5b99277865d

SHA1
a60d6839708d1c0d7230902429bbd4c1fa67916c

SHA256
da14252826f9acaef25d4412d37003aba6447c5e9af05d6b7be98381a551cf10

SHA512
337b129e7850b0fcc6744ecead72aaaa0dfa4d5653cf9911f5e431b150a7b42391cfdf1fa680d3469d29c9190d3ea57f36750ddf29d830679de019d7e3ea65af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0eaf557bf268ae6a165ad42b0e111c49

SHA1
f63db9a897e216920ba36f433afb84f9da877c1f

SHA256
a956197f00d3120504803070aaab7b2b01d4aab2c9645b06bc2e79800a0d0742

SHA512
4a17147eceb7c096ef2f6e6086339fba72d8fb2fa9041f601feb0f500a343de3cfef5095a809bc77a16abe60ff78f37bd1bf78ae385b39ea8925c7ad475ad761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cfdc2bbc9f3c26374d8b233a3b1c1192

SHA1
0c18e3da6b1e9cde2fd1395252cfec73916fd83e

SHA256
256a15c0bdbb6317df266ed0f0be499fe564a2402c7980b94ac5837cd7911fcf

SHA512
2adebd850c952c8add8b583c58600a9e031695cd0d9c6b9c3d28185aadc1b3badfe07411ad622eacb113380c95c956688a55be6c63347fb79d4035ae8863953d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
91de6d01b032e4f48c8fb06e1f8ed2d3

SHA1
18e8d613505bf583ba1fea8efc8a0cc8a0c1ac22

SHA256
a19ade2ed7f5c0f4799fe7910ceb3f60c980e800ad2ecb28ec7ca06a2e510a16

SHA512
fc4d2304d642cbdf1c0bc8950ae1b16b7923aed748cc0b97e83517a81cab94885d55313d1c5e65bc418aeefed3ef148ca74db209befb3c6571419229f1ae7548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
9b764e22c0409460a68c6a853eedb136

SHA1
d878c50983efe4da649fee7e9e820d1a8db9f53a

SHA256
0a02d55c5e7ae8cb7ef66493a6c6427a68a3c2fd11d3faf08a85d381adfda268

SHA512
6e97c6ac9602fc0c3ccc64efcbd8ec636fc5bcd57db2e486764634b5795ee1f6c899a1e8b62686ec090b61d80904ea7b00064a91e9094b3e2f587b373bdf1562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
9f3a4d9a5b7336359c57439c2d1c6fe3

SHA1
9d75cf177f10710d26deda169a46acf4b42850a9

SHA256
4f47cc037067d6330b4b9c1a3c37c50251747ebe17ad291cc60537398b76da8d

SHA512
7f45dc03f63f7821ad58841af858f7cae2ac73cd357b89acfc8451f39ae4e90f63775f326cb2f5a4888b427afc005009313e634001a076bc5423f36a068b72de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
0329d79dbb512102c547444dc0b457a9

SHA1
1e5e5912e73b90db3deb32e4180833d68e72c91e

SHA256
92619b52db65617170485291ba5e4a791780f71bfb6772d75d2a2f57e167e967

SHA512
09c5353eb13b56ec1706c55ca94c48ac5af60158ec3cf5a0f148480298cc1e460e8b720e8d819f3cff4b85ebb9d40661685820d80bc7a65a50b986199013ee19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ef90.TMP
Filesize
96KB

MD5
9f3b03371ac2a2b22120a7dd17a95172

SHA1
8f3a8f243677ed5c5efc34dbcfe031676cd9971d

SHA256
6e7359b80ec2598f27c208bc43282db9a3934cfa75603bb37f11352841cb4437

SHA512
0a7da4240c29a07504424dddce0efdcb0b73745fe845f1bcf20bc2fc717070577e0e1b9406b8610e68bbdd2baf46c8df0cd020d912a38078a2c8f5c2ad98d5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_824_CIRGYEIVSAMOLAJP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1784-507-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-500-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-505-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-508-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-506-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-501-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-510-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-509-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-511-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/1784-499-0x0000022D8AD20000-0x0000022D8AD21000-memory.dmp

Filesize
4KB

Download
memory/2876-136-0x00007FFE94200000-0x00007FFE94201000-memory.dmp

Filesize
4KB

Download
memory/4160-159-0x00007FFE93530000-0x00007FFE93531000-memory.dmp

Filesize
4KB

Download
memory/4160-157-0x00007FFE93520000-0x00007FFE93521000-memory.dmp

Filesize
4KB

Download