4494627e5b4db05265701f5e0158ae680f918a81f2e5b1ade379f18581797075

Analysis

max time kernel
30s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 18:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-02-26 1.05.04 PM.png
Size

103KB
MD5

bee563d6242741cdf187a4a2ea3a2d77
SHA1

ec904c4c758347f883697c9b10751f7c1a1085ab
SHA256

4494627e5b4db05265701f5e0158ae680f918a81f2e5b1ade379f18581797075
SHA512

2bdc4a58aa9fc9e681d1776a2bb3ed9deabfe7565fce9584c9d051f423ac4d706227a7c2f994cdbf79cba54441771efd481c14ba8d647a4875c642aef229e8d1
SSDEEP

3072:Gr6xWvVAPuZyyEsAUzS+G5sRxXKtU94819TkPbz9:Md1ELh5sx6tcX19TMV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1552	chrome.exe
1552	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1092	1552	chrome.exe	29
PID 1552 wrote to memory of 1092	1552	chrome.exe	29
PID 1552 wrote to memory of 1092	1552	chrome.exe	29
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2516	1552	chrome.exe	31
PID 1552 wrote to memory of 2428	1552	chrome.exe	32
PID 1552 wrote to memory of 2428	1552	chrome.exe	32
PID 1552 wrote to memory of 2428	1552	chrome.exe	32
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33
PID 1552 wrote to memory of 2896	1552	chrome.exe	33

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-02-26 1.05.04 PM.png"
1⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7189758,0x7fef7189768,0x7fef7189778
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1564 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3408 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3940 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3376 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2480 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1944 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3964 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2296 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2288 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3792 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3748 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2408 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3756 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4124 --field-trial-handle=1204,i,15729777134488915563,18396717122471616891,131072 /prefetch:1
  2⤵
  PID:628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26ebb2894b0157d05faaaa6341ac6b7c

SHA1
a99ced187124dd9ac0aa8f326ee392b5e8198382

SHA256
d01b2d37b0723c90b804a455e12ffd65f8a4fb00bcc57141ac37ae400e3c4eb2

SHA512
c06e472c1bb99adf42d8f9d984081df15f62c9dfa78a3b8750ca1d590242edf8f2be7d839f16998cfaa7135f500ebcd29962ddf6212a47a0c4989169da723651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c618c7f08517ad8b8d83d0fe0ebd1347

SHA1
bf0a69ab18d2960633227d7bd7c8eca6ede78830

SHA256
6ede8f69f84aeb9091f70f5af23e9d21fbcc3037341eed51f8044498fbe1af12

SHA512
8711e7715053465aad4f2fd74b636770bdecb86801c63e89559a88724fceab12c5020640fc4328ed5e2da303286a35a51d41674a8f61bb36e2f4292111851a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7b7f822e-e161-4e6b-b8d6-2a740cb15be3.tmp

Filesize
259KB

MD5
387f3ceeef1e7d25e36fca7f785d219f

SHA1
2ddc71b6256770d4ad396f1ed5948453d51ab96f

SHA256
0071068e83acc617f15ea976f8d77de2de811befe761f5cce1eacda702b1b2ac

SHA512
8627e12651e7d3c41121d7d6b022f140353531de79e7da848a8d253412fde1b3166b05021fae1bdd2159358715715e5f3ce8a54701230abf1d06d355659761df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5493cddc-816a-4ae2-b63d-e9c2eb45fa26.tmp

Filesize
4KB

MD5
15b1e5db9c049c9bbc51c622634b9d95

SHA1
f91779706cf7339656a5234380a91a9f64e8f095

SHA256
ff5a83ec46657c2f4d8e1b0145c64251a7e41e7c20aaa86c50c62f264a33e210

SHA512
b7d1c41ace4bd46dd97ad60d997b7991ea46e019dc31b3fa8bb2ba186fc9a227a53253cc8afb81f0292d6e280a1ea540021b426be74946ea75ea7f74aa56efc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
40f3cc9893c96f5ee00274a5d565ed39

SHA1
8a1c85c8e83d5845d66232cc61843af4c0edb32f

SHA256
95ac4b870ca674085fe9fc3d1560ca4b6bde6dcf2ee3f7f77b8eb5d4c58decd0

SHA512
6f7da9de1532d826b9363945c2cf95d491ca519ba7a63282e9c71c0eac6dc9a1eeb5858c9b4eeb6b30f7e1eff6368b31ceb53555c247334cbcc611f528833f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
ce0f6ba5ffa26e2953148e0e293b1f49

SHA1
b1133659917de8a681f1f0c1f50aeb80df221698

SHA256
d9bc869394a24014b5d6a8aaf6cf99840ff0ae5c1206f3f1f04573eea1626b94

SHA512
6d6f152a96dee4a85747570a96fa9bd318fb6db1d82eb9d67272aff2dc643dd247e3c27b39aefeb7fa7656576fbf6c213021522a37bcee9a77050506a3c8eddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
57ab9c55309f92b0cf325b96a9a76a84

SHA1
fb132876c44681b88857db02aa05c2e2d3a3974b

SHA256
dc21990e8ac07d3dade5bd0e107d51c6704ec033f02bce5a969f1cb706e82bad

SHA512
6b93b0746a2c8a6c69480b04332a4e45182d64e4a64c77a2671dcca6e54024ccbf676cd537bc3945e39c28aefcd49dd3e511593c2e7177a4816f0531f2562a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
088a66256af9c19855f2aabc99bdccb7

SHA1
af5cc3fbc627965a822ea24f3273e8aa101422a0

SHA256
31d8ea6cdecf5b3ae59c5b0b6c38f319f044bd70db0c3580c2dc5dbab1bc0d55

SHA512
1b5b2535c1fbb947feccb3b55a0590b8d94892f538a3dccd995e00d7a852ae9f6f27d0d1db84149a353621011a58512258f13a94c1999c625c6bc6bb9c9a6910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
31f2832d6a3aea8399f7a7e594861489

SHA1
0eb1140a8c889c2afa25ca41f4ad3ae69ebebd2a

SHA256
6be69e1fe819f74ba1eb1d01fb18ff614328c89f48d5eb0d72e670004af17a1d

SHA512
8e446438965eb2853a29a6702bf8d63a58a79b8db5101221f3513761b9c2bb74c90d3ae651fba1fd9b8499bf4eb4caedc713d997a52d92000bf06b3a6b66d59c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d41c4befcff3a4dba7489002eec83f13

SHA1
26889e0dd7ce77613adaa363a993812756035971

SHA256
ff19acae285d64be0985c8661fa67506d045aba9e17453069828e9296f033ac5

SHA512
ce949c228a6a0ae2a29e53f38e040d5060b961818f61a7737c6db799e3e3e5cd3ac6cbf09378fdf694e541d70ba613ec7c69c64cac94189312531bcacb5e5a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
62820398d90bc536c35c89026e9039cb

SHA1
b83e5f761670195316e3d1807788b37fdaf7b8cd

SHA256
bf4e4d16813668858aa9f6fa196d191d8823d95dfb1da17ca8a2ef1f05098bbd

SHA512
ac5cc184bfc88af26e7c950c4bfb5da18c73a6ab67e5b3270a649f60d7dbb20f3c23f4fc8a6a9711e740862d6fccfaf0782566b09fe727822965b2f1df6e8051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
c1e8dda44a2068e72ab56919f86ef3dd

SHA1
78f2cbbc431aa7dd5eafebea9dea121951e54cf8

SHA256
081d6e2e2d47f1c20a33bf04bfcda6b7960c4a87f09605924175ea631f1f746e

SHA512
c9eb1df40e7595e01865a75226968a38c542f77b989d3e766f2c5ec17092d0ab8df22b68f7793946fc992b0e686b6a16dec86541f1729c1e3c00d7d39aaaeb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
07925d316cf5da1b4c6c7efae5aee541

SHA1
983dae3544d465a2efa525423b31491f435c227c

SHA256
34db244030ab227aaf58e0740b3ec039ce24f7b5cab5e2b185f96c05f5384ca5

SHA512
f9d3b61ca03859c2b53d66d349d2fb051dd36b38a3d9166c3960d176a56769101846afc56f8eacdbea0fea4a6d89433be92d0c3869b05d36fb9f069532dc2841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
45cdb112867acdbdc4ae7bb38e2962e7

SHA1
2657f723c41d4ba62e5b067737e0bcaa407b59dd

SHA256
5aec875dee1f1502be6efdb51c487cf3949bc1ad71d0bb0bfb3794ed7e7cf68a

SHA512
765a34567747a2e71163e278bbd8c49df1027dfee342d85f4217852c0fe6893445cad3ed6d39c994f5a54964449b3794e9cb4f4606c83deccb6d36a4f4b21471

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFAAB.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit