920357b0150629f73caba00198bdc7635c432ac908cc327090bf4bf3f5fee0bc

Resubmissions

13/04/2023, 12:19

230413-pg92tacf6t 7

13/04/2023, 12:18

230413-pgsgrsbc45 1

13/04/2023, 12:15

230413-pewreabc27 7

Analysis

max time kernel
61s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NOEXIT.bat
Size

36B
MD5

7ef39834b5770e2a06e236d685840b66
SHA1

6cdc9862913270d9fccd17e8c286c5f37575cee0
SHA256

920357b0150629f73caba00198bdc7635c432ac908cc327090bf4bf3f5fee0bc
SHA512

f99d9f07dc029bd566774634b2f4742c93e724cc2077f1ebc80ed45bfdb094a91eadef41699ec98c0f1456d843dbd0205452c9ee2120de5a2fb1a31b5676f697

Score

7^/10

bootkit persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258692902284492"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2708	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 3952	4828	chrome.exe	89
PID 4828 wrote to memory of 3952	4828	chrome.exe	89
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 4472	4828	chrome.exe	91
PID 4828 wrote to memory of 1956	4828	chrome.exe	93
PID 4828 wrote to memory of 1956	4828	chrome.exe	93
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94
PID 4828 wrote to memory of 2988	4828	chrome.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NOEXIT.bat"
1⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0x100,0x104,0xb4,0x108,0x7ffdddd79758,0x7ffdddd79768,0x7ffdddd79778
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:2
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4576
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x23c,0x240,0x244,0x238,0x248,0x7ff753c37688,0x7ff753c37698,0x7ff753c376a8
    3⤵
    PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4840 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3184 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3332 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1816,i,13892013357889405253,16373462134319025319,131072 /prefetch:8
  2⤵
  PID:4216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e070f1574fe8f90f1c39547efd5aa3d

SHA1
6a7359c38f95a22b00a78ee7de8b133535af197b

SHA256
5c62f9fe05a8a3391b4b0a6591ddc04a1884c703b9bcb6a86fe33d87bdb3b16e

SHA512
f98d820aa73189a269a284ae8a776fb94c84cd002d65490879628170f5e86154726388648fe736d6e7678b88fb9487f7c439629fc56164e3b665c2a6f51a0415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
355652b6e1c445269ed727713160544a

SHA1
00ee7174bf03296b651ea51fdb3ca9a6852a2405

SHA256
058d8e183decff888ddd82fa62580d93d98e2e39fe9a9b94a7656d17d8f8c8f8

SHA512
21f13140ef23e9e0fdb9a8d76a7482a56dcf4c27ba84b7b3c6cd28b93de453c682a0b867b33ae7afbcc94997556e2af02a62947b64914f1f59ac9fdaaebdbe43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f03cc68bc82f3a2519655907a34de67

SHA1
2e9608ac13b811da4bff7a5891d6c5cb6322cecc

SHA256
7b269d7e2164c373e1fe46b0e8247bf2747155da593adee6eef054e950f85906

SHA512
c1a3f69a839d5c5ed82642cc2d257291eb40d76c09409e1f5900d8248653b8300557ee4babda6c3906f77de7e254ebe33df643d324d64dd7477df612fd013520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b20e8bf72a41fd22d5ea7ef8bb6ef2b

SHA1
83a078cac3840a5edf3cdb0dfdf295582d442fe6

SHA256
e25de5aaf07337fea6cecc79b9f66caea2af98caf8516396c80fbfefc5262476

SHA512
d75c67052cadfe1c2048c64745f694bb3eea52e77dd037e624c254cfcf14372f0f6ee7283cd791a158dced7160b19f57fccb5890a4c040b458588ff7a26dc021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
975eb249919dcb1d53197a5a1d9beaea

SHA1
a2e42799b5fc38b4bb28abcc54eee7a433887880

SHA256
0d30399e3973d0b65a9704ae873c2e13938049691fc3466af89b383ad12df7be

SHA512
132407ecfb02ee87f0cf74aa467ccb9567d8cf30c3854318e77b5ab5355cce07765a4e889ad0b371e7925651ecbd36afc7675fae9bffdd9b1be1d9495f195491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b4bc1a23395448874b74477cafaf0433

SHA1
023b6c0d360334d8993f0369d5eac6e2604ee844

SHA256
b7eb9c6cc78c72a11db843c27a6153826c9864c4548bf61f9c16de9d15ae2133

SHA512
0dcfc112d993df94b52488b7678bff96bce1b47d19ae32dd1b47f2bfb4dd97feca262996861f73d3896ce37a93b0410eb567933a454624dc4c74187b011625ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
139c393fda9b6ba5d03980704a08b3d4

SHA1
07864cd13ad8fb804ded5a97f641d0c2025da1ce

SHA256
ac4f09974c9febc46c4de9bd7a7e958377e3d5b82378cca0d3246bc4e6561477

SHA512
c91f29b58849e668ee9ee48a62977b3386d48884691c4fe137847d64fa8226866d570369170521b32b2605a8a7ce11d5ee7a6efebfc05648ad5103c004f81762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
98bdda293d7f53eaa3c670456e0f42f3

SHA1
a35236137afc18ba9132766b0e30c87c190d29bb

SHA256
ebcdfb03536c957bc12411e8576b2490450e2ffe53c198f3c241ea6d4d4e0427

SHA512
04a8592020450f12c33654d4cef3eb7a5009e7801b88f4b242fbfd59bd4235168fd7397eea3dcb101c5713b50bbef1df3c2d39bd54d93d6e14ec8992e5a8baff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
d2cc803e11ca0cb8975165eed24c0a6e

SHA1
b437fbf6c14bede6396bea82bbac752bd79269bc

SHA256
cd7625df0970cb5c3b42781cd00279db6af96b7a593a6473303d57c12318eb69

SHA512
424dcb245a39f225ac74eb64affaf33605e2b58b9aa493f4e5c59324921ff2d3bdc0deb4abc0afbaac42f3263d8c1937ea5b459e0f31dc776cf8bbb92cba836b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
f4e2308f24f51e1343683c60d7a467f6

SHA1
d33fae64efd23fe72995a36a84ef50cb2fa8635e

SHA256
3b850effe320d2bb48fb54c6b2af95935958477fa41bbeb2055db61702699c85

SHA512
98ebafe6debdb5f7367aa19c971315f8fa017b19e8a540f213a8da80386e0a01bde61093083136337ef00b4b1482e190fe637c917220afcdc249f295537dfabe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575311.TMP

Filesize
97KB

MD5
d0ee163c65aba3a0d22bbe9a665db93d

SHA1
02c3389c20bad0e69251aea0e06c9c0ce15f22db

SHA256
e921b28620178a5d80934cc1c617fb85ad88d081523f3befc1fd99370dccba2e

SHA512
c0cc9cc33efe97f33e97a9dbccc424aa49c829be4ba590fe714bdfe30d1622e9f8b7a54c1c2c77072f280171975d81118c02eafce2cfa8ab5ce6bafa5d4185b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Petya.A.zip.crdownload

Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit
memory/2708-379-0x00000000005D0000-0x00000000005E2000-memory.dmp

Filesize
72KB

Download