2c5a199eed66983fc4235d9f963df87ce3254f961b174d23e50d7682f1ca25fa

Analysis

max time kernel
664s
max time network
1701s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

world_icon.jpg
Size

26KB
MD5

309f7ae0baad058f6a966be4ab2b003d
SHA1

f3c9da29f35d3a1a8135fd807e32b95610a75134
SHA256

abe9b7b2aab651fa9771ef0fb63b6d068d5e57c1b280ce7713eb39f367de81a9
SHA512

d8b726d4287d542d5f0a577aba8821c0852fb47d9cb449a74c5a2ef2b63ed38570c47bdf3c563226261c5cc5aa86f0023d77f0ed8c6132377e11361945f7d289
SSDEEP

768:G0cWZ4qXryZAxemzFIpxpJiH4d/onIxLpnbwdAqjrfVSX:GidyYemepxaYqGbw+qjrVA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

1624 chrome.exe
1624 chrome.exe
1624 chrome.exe
1624 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXESndVol.exe

description	pid	process
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: 33	2236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2236	AUDIODG.EXE
Token: 33	2236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2236	AUDIODG.EXE
Token: 33	1392	SndVol.exe
Token: SeIncBasePriorityPrivilege	1392	SndVol.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

rundll32.exechrome.exeSndVol.exe

pid	process
1568	rundll32.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1392	SndVol.exe
1392	SndVol.exe

Suspicious use of SendNotifyMessage 52 IoCs

Processes:

chrome.exeSndVol.exe

pid	process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1392	SndVol.exe
1392	SndVol.exe
1392	SndVol.exe
1392	SndVol.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1624 wrote to memory of 520	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 520	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 520	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 528	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 932	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 932	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 932	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 884	1624	chrome.exe	chrome.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\world_icon.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fb9758,0x7fef6fb9768,0x7fef6fb9778
2⤵
PID:520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:2
2⤵
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1508 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:2
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3940 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3964 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2380 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2368 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1244,i,11685672157007961515,16421741676698798826,131072 /prefetch:8
2⤵
PID:2948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1696

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45024407 2192
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\256f7e42-6af8-4f95-b0e0-dd2814a65502.tmp
Filesize
4KB

MD5
6f2e1f43c20b4b6c8cda4d22987c6b5e

SHA1
513e34ccebfdf0d25f156a77a66cf67e778f7c55

SHA256
08388eba3f0d0860341bff2ff7a6c37edbef5626740fc669a3a4060a36facd92

SHA512
7f4dc420b9cee18d73a4041ab3ff3f38f7a41314f0133a31a4be7dc82762624133f3cefcc6280791a107533630e74472f09b42e0a55a745d7f7d217c5c451725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\55f419df-274a-44a4-9ab1-c79ed9b0592d.tmp
Filesize
4KB

MD5
bd00d2464fe99150b4ab6ad57fd066f6

SHA1
3285011286c9f303be6c59a5edc514239570d1b7

SHA256
bfbcb997f683a158fe2162ed345969de7ef49a79b751cf9ee5552794dc6af0ec

SHA512
251f27800ff6fb7e1a0446705332555be95ac9c2807b7c4778b2f2f69a45c8b37c6f7f8a0ad18111cb3e76acdcb6f2fbba4f62cb9c7f81be46c71efb5f3ebaac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6ecd9c.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
cf5a4d439f346b704de281103cc0c4b6

SHA1
7f15cc561084e0f3c62e06f6297f2098c8d85edf

SHA256
9f78a70848f73f5376bd909de8811a4f62df4325859c5b3d4fe46ff65a2c4b82

SHA512
bc913a68c2da013579d1bee0b8ac1890de198355b51f704715ed014de962c84baec9f676b139e075f1e0db4b724a316d8503a357043177c8845f6b2902ef0727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
cb341631814500250d287e7594527b69

SHA1
fd23b82c9426c847d70f7fb5a9f031cc53e893ba

SHA256
f1ccbabee626b8b06c7c44a3c089166179e83207c5217ab79fab8b4abd1484be

SHA512
e943c8359a68a64d10b21220d392a8518f840323624fd95ae34ed093adcf5c53b6920a86cf918d2b0b5d89cd5b6cbcf393f88b3cc7cfaef684a986f3437e2452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
b703f2d11c80a027d4b592b7aba6e89e

SHA1
216a487764ceaf77f2246d7a90a0b314c7e8870e

SHA256
d0bb529f1c1b5cb94914e4f776f9b6588c6295b589e1742688668d843b564bf2

SHA512
462da9a157d013f97b6c24f63deb500eca084a0f2d2fdd688f3980409b37a5b2852c809f9b3ed708b1f31aa534d53cc713889b8945403d6127821301d221d867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
6f4d2f9bc6ee0553734c8f3e511abbbd

SHA1
6b3e4f2dbfb4acb530f4d78409ebdaa5f4fdffec

SHA256
ad1bee01f9d1c00f72ce24fb1c264a595f13f89adf38a159aa3cacaeceb00728

SHA512
f534d9918ce717b92c76f1ffff3ee84a77c6f3d4ca454fd0ce86051ee63fa18d8e50cc2fcbbc401f30c4936d3a4a17608aa0e1f450fdc0ccdf55916be6eea97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
58e0e2aafb37418122286b1eedcdcade

SHA1
d5609079f185f4ce7db18dc4d7ee5e56f649185e

SHA256
770c2f154490efceb45e1d665242fd73a1f3162716fc1be08a9d267fd191324f

SHA512
14108490f4dc64da3052f6e3f04d4b4ac9cf3c589b58ea1d0eeedb7125b8d19df754d391116ea57c0b32feabd4a6c6fc5e8c43e9c0ce4b78c15d3678c686f356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_1624_VHREPFIVHGBILYFD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1392-191-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/1568-127-0x0000000001C40000-0x0000000001C41000-memory.dmp

Filesize
4KB

Download
memory/1568-54-0x0000000001C40000-0x0000000001C41000-memory.dmp

Filesize
4KB

Download