3187e1b41839328d3f3497e2e5e02edd8b63a9af812b0e53ca4959ecaad8fdb1

Resubmissions

07/05/2024, 06:45

240507-hh68zsgd56 1

07/05/2024, 06:44

07/05/2024, 06:44

07/05/2024, 06:44

07/05/2024, 06:43

07/05/2024, 06:41

Analysis

max time kernel
46s
max time network
145s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undertale.app.zip
Size

3KB
MD5

119dd2698b82e5c16ad74c0259e5a1ea
SHA1

24cb87f6b403d145f6eac23a0e6ffb52d92dbc9a
SHA256

3187e1b41839328d3f3497e2e5e02edd8b63a9af812b0e53ca4959ecaad8fdb1
SHA512

728ab7e3f00b7798d4a2328ce5507e9cc0714bbba512a7b5e15b88ef70713e264803e7326b6d7a94a08efac9471ee5f9196b68826d901f1559394cb3b9ca07ee

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2864	chrome.exe
2864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1900	2864	chrome.exe	29
PID 2864 wrote to memory of 1900	2864	chrome.exe	29
PID 2864 wrote to memory of 1900	2864	chrome.exe	29
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2632	2864	chrome.exe	31
PID 2864 wrote to memory of 2860	2864	chrome.exe	32
PID 2864 wrote to memory of 2860	2864	chrome.exe	32
PID 2864 wrote to memory of 2860	2864	chrome.exe	32
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33
PID 2864 wrote to memory of 2672	2864	chrome.exe	33

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Undertale.app.zip
1⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6589758,0x7fef6589768,0x7fef6589778
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3644 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3836 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3424 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3900 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3744 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3988 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2464 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1712 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1592 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1752 --field-trial-handle=1356,i,12774611709580136006,4015583098317438239,131072 /prefetch:1
  2⤵
  PID:2792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x594
1⤵
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
cc224701d3988dd5549f5d4adbf10fe4

SHA1
bf7837f102c82b785f087208d907c86f3de96bb4

SHA256
ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21

SHA512
da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b3e8e45f9249975e6c5055f7673a32d6

SHA1
8378a7cc0f525510785c7318bcc1711fbc8ef411

SHA256
7ed099685838e6cee4870ab64594a58f4eaa3cbfbc6a3ed0ee98f838f2fdd899

SHA512
45250d45964616107898ef4263881df9182e8a305d20e976e33ac13bf3ded402933550684ec3a7abad7e0da3adda71e48020f2990c1699b4c461b5a485abdb27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
7990f2c98d1302f374d08d53223dd5e9

SHA1
49fd93ce6a479075709a3307778c32c5f575813b

SHA256
572b81d0a2045f9f358548bd7cd2b706cfe9c4ee16f415adff4f91b05127ae21

SHA512
132269cdebbf6c27a15911406ea82bdf441a43e18e7461398e313d97942e075e455d7e5c129d07d67a5aad913f1e0be3baec6fe7baa3f232c72239b46b936b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
364B

MD5
0788f08bc1f1609cbdbfc9c5af0ad06f

SHA1
fceb7ddb663b61e9d47db6f6eb53489007629625

SHA256
bf0af9d0892fdc31b70e91b3e959eba1a4e4788adb937fe6015a4160412238da

SHA512
5358f4190244a61069a506981f351c80af3957db6a5452a878bab9f127615146967642fb0fc2220de2e24d1fea99870f115b7d55ac5cdc259935e514d729e8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bf7207e49e3a5818e90977a5f6d25bad

SHA1
840fa8d2ad29db8a8bf9d1345f1c311988e6435a

SHA256
84448724420e6f7c8d3008afbd261569c87f116be0bc7e1ef7398bbbfa34b115

SHA512
fc701e16d99587f5d1a9afbbc6277f393c72d0cf9e24bbd094101d91ac61630251c1a8ec517a53ded30201d6ad79abe6f4d94c13661e856e149f21fde95cd5be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8ee9a36cff72e86479e38a2f12ef2afa

SHA1
0a729ef44a9559ac533c736a32b0b3baeb6ef40c

SHA256
45c367faf7c5b63fefecfde322d7bfcd60e243dedfcccea7e0d68503aea99122

SHA512
4dae4d8b8d3521768033af9a00c994f5b62a8b373a563294f2e6ef0d4c481b6082ab4f2ee35306a0dbebe14e8587e64cf62d98171d56920177126e21850b6a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
245937542e8db5bf9eb68636601ea0b2

SHA1
0839cbab8879c8b30dbadc8d776174f17ae065c0

SHA256
c297798ac970231961fd8f6c18b9232178d495ebf4e5d1bd649fd44d1b4a7ca7

SHA512
6d837091a0c553ca80404ad69ab0ed6b37244bf0e64394d6d3fccf5169ddc63510ecbbc6695c353c9e821e4257e76a5a1db4c66e7ece6468bd13473c9bd7c680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a11bc53a5c536a60234e06d65aa10b74

SHA1
f3e8dfa2c88f79f771cd51249b3f8bd059cf35a5

SHA256
9c1a5ef9113ceffdd745ac27248465302b40f2b212205211d43d644d3e2172b0

SHA512
9b340731f27621e6f602b592646512e9c12f72edabe6254ace8e954d275d4014ff568a6c2db8f6dec0b3334c985eba185e7055e4ed581a4c09c81988729e1021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d258eff8a0066a7627a943e6d93ec116

SHA1
6363b4ebc2c02203a616f047ae43dbaf1b17a0e9

SHA256
92e7f3a02009b6cc5846da3f56a9e492f59ed51b32840a18fc2e75b57a84aa9b

SHA512
8f5081e66fca903444c97b978815dfda2221850ee3784c698c4a5e4416a6e98f922bb138f385239081be604f3e42a0a2c4b25d2837606f2e832808ef21c36b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
9783af402b7a4b00045403e5cb57a348

SHA1
083bb3d545d538ff5537949e4d470e505ebaeba8

SHA256
b9dcc6d430bc5cb210fac434169677ad4c8541161b1daeadf44093f425d72d33

SHA512
8499e7ccbd6d5dacdea301c77d016d13ae513456fc3c0c37e2852cc02db58976b91fd6efd68b6b8ef0c504fff24d1713323187847e299a91333d7a56ac69d3bc

Download Submit