64c9e035db9007b1e54bc913d2a21563b715e9801ac4a8feed20a3c1b4a4e8db

Analysis

max time kernel
420s
max time network
524s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HotlineMiami.exe
Size

531KB
MD5

d45043d786dd46bfcbd308f3a1b24cff
SHA1

7c634f58397be0caf642a4f532540b498aa486f7
SHA256

64c9e035db9007b1e54bc913d2a21563b715e9801ac4a8feed20a3c1b4a4e8db
SHA512

20dc5367d99c7b649fd65c5e10b3ae0dfd9e5b00ac27aad3a1883efa191fd02611122dc337c589121b1224635ba5ce45a16df0bddefe18d3683a982c9ef45461
SSDEEP

12288:Z0J7M4PJDAXlDtk/w5IYyKXqjeoQZNcRrJNnHKPI6bXI:qPQDtk/wuYvaK9Nctqg6k

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2496	2644	HotlineMiami.exe	28
PID 2644 wrote to memory of 2496	2644	HotlineMiami.exe	28
PID 2644 wrote to memory of 2496	2644	HotlineMiami.exe	28
PID 2644 wrote to memory of 2496	2644	HotlineMiami.exe	28
PID 2400 wrote to memory of 2444	2400	chrome.exe	32
PID 2400 wrote to memory of 2444	2400	chrome.exe	32
PID 2400 wrote to memory of 2444	2400	chrome.exe	32
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 1468	2400	chrome.exe	34
PID 2400 wrote to memory of 384	2400	chrome.exe	35
PID 2400 wrote to memory of 384	2400	chrome.exe	35
PID 2400 wrote to memory of 384	2400	chrome.exe	35
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36
PID 2400 wrote to memory of 1568	2400	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\HotlineMiami.exe
"C:\Users\Admin\AppData\Local\Temp\HotlineMiami.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 616
  2⤵
  PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7b89758,0x7fef7b89768,0x7fef7b89778
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3244 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2252 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3708 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1868 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=724 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2456 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3836 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3848 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3792 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2448 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2788 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4116 --field-trial-handle=1324,i,17411400921848065972,9059615634051437911,131072 /prefetch:1
  2⤵
  PID:3032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5b9275ee4faaea2dbc9a1f5188a3deb

SHA1
63eebaaa57b69c17b937e0db7ca803da88ffbe3a

SHA256
3670213e84189c42699f296007329cd96b7ad400e0f942bc4648a45cda9f6015

SHA512
4ed807313215c1a4eaa0a2418d2526d0786a989ad269d763eb32d85b084bc671090ce793af9013d15270643c8887945e17048bd15a944b0941f890e764acb299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2352f555e79bf12f01fe8f60819d9536

SHA1
dc23bc3a404f84c2e8fdcd651a6c91c25fe3535e

SHA256
132ae56165662bf271f862ec1e72e3ea4ef4203e4fe7ba14cc62c0a4e71488d8

SHA512
a14b49f8dfe4b4d858b68154fe68ede62852244012045296ff4045ff850cd853416029f5306fb473f964989c63d09ab55679708fe57aed3468d14c1766702492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ed92065df22d741ff249fdb11f7c9a5

SHA1
0ffafced6b0d5360bc9bd6f77218a5151832f76b

SHA256
ae9f2c5073a0a8a358996219a2b7ad9d4c17a67332112f826b0c39c216cc4bfb

SHA512
3e33f2bba84a709d9a9b8e43f7148ca6e71a730a386f6973efd593769ae2554ff80b8287e0370fcc17f823e077a7b8419029374e63e615acb731ce838bb86e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
19KB

MD5
3063a7e62c0b62d1df750848304a77c0

SHA1
2e93091ad21938d525b69cbacb1072cab03281e8

SHA256
bafc3557a30f9a45ae9feef34f3bf71d46d5c23c462ea584b131384adb712d35

SHA512
359be0ff7f43d7a2d21dbb49c58734e8c2d659c29b1e45b8392fe1adecd2c26e6b49e8783cf0449cb802dc5ec68ee3d3d822fa57c8f078df2b49a3bcb4e29475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1119824c09797972_0

Filesize
3KB

MD5
1d8629513e73935c67a7fc0d9a7bac95

SHA1
6f70ec80f81c978f927bcf86eecd7891eee5d775

SHA256
540cf36493aae75416b62f1b8b87559de42419e21a30658521752ffbe8bc4394

SHA512
09fd8017464e4847db9b2e72b203bb05fd5e117427d1d71c4c6645bd1ca48e2982b6f51adedce0f90e394febaf887e688edcb76a5a127090f82020755324c8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
044041dc8797002fefad018dbd0dfe06

SHA1
a55f9af399f234a0f726a40702ba78df5794fda5

SHA256
c6c0c8b7fb23fa48498920b4fda80c8fcc7ce9f61a10c411f2ee824649346e23

SHA512
18b3a7e297e9dac572357a4e240cc8ec116f1d54150753a62a58f3b81ad79aff18e17fba91204761ccf06c454641902f15b2fca0d7b05ba6954cf02644977390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
75da5618ce7ada6c0d3ca8658c0c99cd

SHA1
c6b13555196ed827d8182d81a7319967addfbc39

SHA256
817293761b409bac5d3536a5309ffbea66834e15d12fa721eaf82bbac053d764

SHA512
160a9f30b78ecba81272260c09146c6f20d366ff745d971a1c0329c3221a60e8609ecb834d08d810e9b7a5317448fd0ef03db25613eeec51d5a21c2973b2c4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
0ca1e937e99d68d97fc871eb8b86c35f

SHA1
f54f3f23ee03c530dff6e6dfe2387b5dcbbb704e

SHA256
188b5a4533263b7d9fc1668ec31fec238e8f9036748be8edb3899b683c6f0b3f

SHA512
9af029505b0c6d8c638bd39c869575210abe8ce0e4d33eededbe5ad823cd0cf5ded1597ae914ce92003e943096a90e236e183fb51de8be9cea7dc501a0055f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3d4c3a95f92c1c52a906d0a192a4cc4c

SHA1
a20bdd40c0e2d1bf3ba86269aad69f0282690a1f

SHA256
ec7f785dd27f286d903cfba803ee74cdfdab56b8876972d40aeced696ba9965b

SHA512
aa95c4aa0e0a7631cde7d39bd66a26fc516ae4d3ce95cc330eb30b1fab6ce160e31233760ff54104b1b556bd5ee4f3e6d96fe0141241666979b4789c49372d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
88e91897b0cad2ef3e2a6579893e65f8

SHA1
b674a48734c7439d3028209d2340b4165beb5e2c

SHA256
15ab6cf225512ca05ca74ba3c33217f3b9556196409626d1bb7c32ea8d0db535

SHA512
8751c2f849fe451864da2700956cc14d3d848bf068a73971351ae8561bc25b1e7d05c6d20276d7860d5c517308f0e4315c488d816f595a2831f6f266e45bd051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dfe966334583a93ee90613e6851f32be

SHA1
ceea8389d67f7a7475ee3feb28abe5fafff5b26e

SHA256
f4311adaee04adc9323522ac828de3b01ebf5e0874f8331b4a81f18b21115984

SHA512
4067f5f4410563941238196bd0f45ea8be5b9fef9180783a5e329eea75a7e6e32184b2f547d9757c38a46215edacbc5a5a37aefdd30eac20dd37fa4b817a4741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2031e660e51f7d3e9dddd73b9914ded

SHA1
809ab26c7ebb170a9356d6e22fbef0484f18fa22

SHA256
21ee14b6fc271598749caa63c94014cca8099917b08f1f9784269b8e385e607e

SHA512
5412afc29206374bf8a9813eb687792e5fc355112f1ce6c07cb079a60ff8c1069249c6188035079a682a107e38b53773261f50f0e15b80bb95b3b80c5bfad55b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da2a580a1d4248f595c55dae8241e866

SHA1
746d96caafbe58f405c176ccf59577d0f061dd4c

SHA256
e07c281e7bbccfbfcb079ec97c09d470dfbae1fbd92d1d4cf616e67a9669ab9a

SHA512
927f16df29d16c84f0e8c5b9022dbd511be889c68dbfa494e7b6cd5409d02d7ee5db4659565fb6de1f7992212556903f4d9fb4ec78341a654238105ab6a3142a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c80d8a7362ee3aaad6dbe83abae74a65

SHA1
b811fe4939db1a3ca472088dbf38e347d62b589f

SHA256
f5297bbc7805004b795c90acf2db6f1de6114964725549e15cb0b0015e055eee

SHA512
01b90290d0e176460aa659d3f9bc93e308bdeebfd1bc87a495f4a23ae4b0471ab2f7b7d6072d528b604a08e0225e742746f72a9bfb987a5cb753d70ed146aa7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
526ee173c5f279a37d1cba2d887cd5ed

SHA1
37136fcbeb25beb2ae703a607781ab8ec0a11939

SHA256
67502d4228e4909e78b182ba07f0cb2acaa98ae8ccc720a1e0290fee9e0f4c30

SHA512
3c0e09cf303b84860a704ba297810508f477b6396cc43314cd1c2916cde23f6c4e462bbac320e5c6eb302ed088a506419cbe1ed3585f5963b938305aa68bb649

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7EA4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8021.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/2496-5-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2644-0-0x0000000074EC0000-0x000000007546B000-memory.dmp

Filesize
5.7MB

Download
memory/2644-6-0x0000000074EC0000-0x000000007546B000-memory.dmp

Filesize
5.7MB

Download
memory/2644-3-0x0000000000D20000-0x0000000000D60000-memory.dmp

Filesize
256KB

Download
memory/2644-2-0x0000000000D20000-0x0000000000D60000-memory.dmp

Filesize
256KB

Download
memory/2644-1-0x0000000074EC0000-0x000000007546B000-memory.dmp

Filesize
5.7MB

Download