82b85c99069ed9d3f4c35ad3b2686b14e79e772df96a063e2f9e671a4db8f2aa

Analysis

max time kernel
39s
max time network
101s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

receptor-down-1-removebg-preview.png
Size

1KB
MD5

919bfb5543a8c1327ce00bacfc9d8ca0
SHA1

cffcd13a8067a90bde3508fce03d2e486830fc44
SHA256

82b85c99069ed9d3f4c35ad3b2686b14e79e772df96a063e2f9e671a4db8f2aa
SHA512

c8bd5413f5bdf0a284c3a0aedeeb9917d1505157701920d4185c1ec8a6ec07a7a4943ac640a0c0f0b8c2d7bd706913994d6748cc718374a548bcf99d93ca18a8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2304	rundll32.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3036	2904	chrome.exe	29
PID 2904 wrote to memory of 3036	2904	chrome.exe	29
PID 2904 wrote to memory of 3036	2904	chrome.exe	29
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2948	2904	chrome.exe	31
PID 2904 wrote to memory of 2576	2904	chrome.exe	32
PID 2904 wrote to memory of 2576	2904	chrome.exe	32
PID 2904 wrote to memory of 2576	2904	chrome.exe	32
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33
PID 2904 wrote to memory of 2464	2904	chrome.exe	33

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\receptor-down-1-removebg-preview.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6299758,0x7fef6299768,0x7fef6299778
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3216 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1408 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1060 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1624 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3996 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2508 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2520 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3888 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1600 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3856 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=572 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2500 --field-trial-handle=1296,i,9502458442433532526,8129606608472930470,131072 /prefetch:1
  2⤵
  PID:2384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8a873dce-0f8e-463b-9dfd-bec19ee07409.tmp

Filesize
256KB

MD5
aefee739e06601364da02e6b916cf605

SHA1
705b53a6f7ef2c8a8d1dc1a8ff61837e3383d8e6

SHA256
5c6353f6da72121a8915511f7c772241ddc19469c0f9c376115caa4faf285aff

SHA512
d80482b2b218ee33365177a68b8e8d15b66d04066a8fffe9700d5be87fda7cbd1d574858e179a7153f888e4419ddd3dd4abc5d455cdd056aa459d0a58f10919d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
855ab7bbeb2f244dd0cd45fc8fb0db67

SHA1
de12dcdd7ff8dcef6d053e6416e9ec0230ba760d

SHA256
462b9d2a93ba05d1fd6aba2df30f5784ad5a280188d774a07c0718f37e3f5329

SHA512
747be81344df9b73ee477a12e9705df503cd2cc2cead1d4fb640aa9d3a75b2e0545dc9eb07e4dfb1b2bbc5c7e91a81b3ab8ad3ff6227c47bc0dc7b5c9e2cd9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6fc700f53a007fb44c9bc9dc4b5b5fd7

SHA1
99431273b50a7f8cd212f14e80bc8f54284b110d

SHA256
265b46b1e4f1b72865cb592bc92d11c7519e821d3cb5b6e978ea1fe4103dbd29

SHA512
cbe8ec61188149c134164e1a2b6bd43ad98af3a01f8d4988480a03b7558127fdf5956a5c01cb386bfdf2ab8f196778e53f4b03066373487f1259e7ddcfb88311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ce189e26221385daff6e9bdba98807f5

SHA1
cc209f6009f5dcec0f02a27c016b12f39d76a296

SHA256
336914f6c7faf6877ef7089b785063efc264b58c6f6d0bd80b1de1e37e2e5225

SHA512
99deea8c47a151ca4e3d24c2f1de7671bff5ce9410d5d4c3f097a729373dd01f45909a222874f6a64223a7070a8c1b380069166d28e9e7cfc4d0ae07d10ee907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
685906cbb69b19e2cc5feaeb100dc435

SHA1
43b7773f26bdc0f88627cd85df9b642a731ec9fd

SHA256
0da671cdf1b46b5180c4d29812b1e59c1db93f7dd55bec6bc714f59b1585c15c

SHA512
6d77ac060ce534c97900b58c473aad5eeac8fad003da93b77cc7b855d2baddbb5ee48c1f1df5320687e4f7515310505265abebf960a46ab250dda42c7f611d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
006b9d506fd5cb275fe9d3788705ebdc

SHA1
1cc02498caca0482463b0b3275ca12ae8a6ab8d0

SHA256
9a3c3ca8072ae4a14da4a99150a77f95f24871195b7bc0dd4e8eb5a9dbd51b3e

SHA512
90dacc6073b2918dbd1ddd62cb26115b995d067543cce1dde1715c4508e0626ca23f90608bce33671451ad1e049b6ba91fd4bf840e323c211f63d9788be655f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
197b227d86cb30a06a14c2cf9c101234

SHA1
26aeb557a27fd8358ceb9c19abf5c3547efeb108

SHA256
c2a4474532b8e9765a27c704293c4dd572be3326e5c428abc6f003c2f36603a8

SHA512
9494ffac17367b8ef26d6c86d1cc159b4ab2ab7f87f48ff5305e876c721f060af08e9f760f68b76f64879d92f17215c612c00b88d69a498b80ca8a65aa3cc7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
0e8ffb92b97967101e0fdc8fec80d912

SHA1
c220225f0766cc477f6647e952fc3f37e6dd8066

SHA256
e1c425f266faa15b3167fac9ff399fefb029c8f7a456fd237cb2d25799acd2f2

SHA512
5a1fea0c39c58488a5cc3bc6b9f6c9781c27818a8a8baf1ea4a664dd5ff91e071bb71d59ca2f16d35a36b4350cbe6a995e072f46d58dc4c8680454bd8c390e1d

Download Submit
memory/2304-56-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download
memory/2304-0-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download