7c466c3a0668cc8ac5a189a374d8e8544c05d53f12c7f84516a5fa5b0ded8244

Analysis

max time kernel
137s
max time network
244s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Moon-Predictor-v2-main (1).zip
Size

15.3MB
MD5

37ff9f227cba62bc3c853d4b2a356ccf
SHA1

d5cb38fcb55f1b24ad27bc8d72c990735c0909f2
SHA256

7c466c3a0668cc8ac5a189a374d8e8544c05d53f12c7f84516a5fa5b0ded8244
SHA512

f43c7dd84ab6d52a5e3a434d639ce2545a4e52c1aa262f51bb4725ca2ee24017c04b776d43f544fa10eb2474feba1f7a5d46c0224f358cd166a2183b6d77043a
SSDEEP

393216:IvRsHxZ/P5383bl0qUrNoto4sdS2KyzjXbDxCRVHv+wR0:02RZn53iGqc6tondVKy3rlCRtv/0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2164	2956	chrome.exe	33
PID 2956 wrote to memory of 2164	2956	chrome.exe	33
PID 2956 wrote to memory of 2164	2956	chrome.exe	33
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2400	2956	chrome.exe	35
PID 2956 wrote to memory of 2224	2956	chrome.exe	36
PID 2956 wrote to memory of 2224	2956	chrome.exe	36
PID 2956 wrote to memory of 2224	2956	chrome.exe	36
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37
PID 2956 wrote to memory of 1804	2956	chrome.exe	37

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Moon-Predictor-v2-main (1).zip"
1⤵
PID:2176

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f39758,0x7fef5f39768,0x7fef5f39778
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1612 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:2
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3196 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3684 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3544 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3828 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2804 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4088 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2680 --field-trial-handle=1392,i,15546172545196348807,14890030359833702693,131072 /prefetch:1
  2⤵
  PID:1680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14986e784af5a5360d05c0505a017e1f

SHA1
58093898629930a9cea33fc8be9304a97ae85d1b

SHA256
9fbfd17a32e4547c824cfd4e29d8f6fcf672abb9377cb008d64cfb024336037c

SHA512
d0cd9e669f36be8550cea5851a69a4ed0891ae3aa2348550770320b6aa4e40968ab3ab6c7d741f192ace3b926dad5a01a56a749716770ac55f60616dd83304e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3468cfd7-32f6-48ec-8a07-14085d8eaab9.tmp

Filesize
283KB

MD5
c14e79c478b93f8ff997840de2aaf382

SHA1
6c22219ffa536d58631e3886dfa1e2f6f02708bf

SHA256
410d30b0952db7c3bd9c12988d0e80c36204326ab2d263e24519f099b23dadb9

SHA512
e8a86172b1bac801d35919c9ac3b785c4c57477839845008af4d3c7f2082fc761cde4ce4338dab62878d9da13d82a931942f69d3018fc7b66a35f45dcb704a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7751b8.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
28536b47152261f30adcaff547404559

SHA1
b7ea78aa992f6dd52cf706cf10f9ef7ef32c26c5

SHA256
9753bd21c2b74168acee54e143a1c2c90df19800505d366fd5f4333cd571af1e

SHA512
8cb33e3507adfc038081a7a0f4deac25b89fb173f63d63a778b63f1866b368f3ec8a7db30325549aba078edf8e6fac218635fe15ca4d5d3a612eab89403e6706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
84610c067d806f5edb7e879b3469f626

SHA1
b051d3d1eb26d921671c6c54a960cc348fa5b36e

SHA256
5ad50f1a3c1cb3f34ed16c7adedee2fa2a26512f5c0bf903d9de60791d618733

SHA512
6596d184333d372d215cfd4a310f08aa5227cfdc74c3345895d684290799dce99217c601b529086bc8a3e5b63046f158d676ae86885da83e935075af143a9bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
f8b18628d082907067aa515572bd27a2

SHA1
b23829a395235b7c468305877985436f31dc02e0

SHA256
1ce433444ebca1bcf389a59b89901648527efbf92db38a8d236428a1b069c3d4

SHA512
b06dc469eec05ac47d42a8f2a26d490b8481257f1ef91dbc585f37f5753b59b5d62eaa5dcc10f50669b6c025b777587dd344e92b9f8e7417283445bc3afe723b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
921b75c4571d14eda8343bc5d496499c

SHA1
39afa9a1ab1bd3b7e7aac6d71531aa381fdddf68

SHA256
b6603bc0d26edd929bd2d80c4a66bc3c9f620d0981bb55f51706301cb22d7b06

SHA512
b320294897f3f110015f4f8ccce76d4e8af48c75cbb1512d0ef48fb161fe8b4ea185929d7a22558e194fc22062119c1c8faaf3eba13fab63b795cc4b7d2300c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ecf845d7af90c7bbdff0590333421d05

SHA1
f9bebb18a546f56ce509cd0a4582204e3c7d4574

SHA256
1affade386017cbbc2eab509ca1fda873b28da2196b8f0dfec1af0a601403b96

SHA512
651eba76ae3d9b85cf91379e704d91808458d49df4e8351c6219fb5dc07cc809cd7572408e1449fb693ed2bdb657d4fd616f8a11f62ff93b4f6f8700976f6ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
699c8a22cdc6cb9cc419659c0c2b0913

SHA1
2315d85ebcccd3fa9950be56e6da2c6bf364bac8

SHA256
856e842d7dfed6c32aedc8b73dd3678caafbc6669d074df8e8b0f4a93380c750

SHA512
d46c0b79274ddc9ca77681d76d989c8359a170d3c285f652de898360d569182cb809ef83677c3a974cb22c25d76deac0a9c201c27fa53997505531d588e2b40a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f319dbf22bb336bb7d7e4bb63f0c2ff

SHA1
516b6366c81f41163f6a852b8ce9a9bd948a773a

SHA256
7a0dddcfa1c8e35afa4897c50a52db66f8557ba1713508e2f971d894bda48922

SHA512
69b87c839912a232c6308c266a9cb2a6ea0e92264663d0e72c7e49cd42a78cd1766f30dcc2b29f640eb56a588f25c24b5c1862d61f87a29e338d756bd490215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6a5ce3243af4018905dd81931483ad65

SHA1
e212218b33b36cd7d7c200f91c7ca7cd845a41f8

SHA256
daac3f5e42298697b1def0234adafbd87f1a397f54011ef2f7482c30623ce905

SHA512
680c6cec6436a731ee89fdc2f95fc38b243a4807e2bbb2cef7e7a56faa2b8e0b27125df8e6ccb5e6d36d9bab8ca25c60d6b16c6825e4a7012f57eb2e8cb2a539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a1e9bf853486e98a81901eda26ba1f1

SHA1
7199db24a13d4c7d3d8711798e1f8757ecd19def

SHA256
6223aa7e7a7cb40c3cc78bb1d80aecb3f867e32b927deb2ae80933ba2fdc8a23

SHA512
569e67ae229ac3a055d15a57792f63b568de44d1d8e027398a054c969cb443cd0d3f5593029429394acad3d68fdd98092d85254b59f6fd535a3786d715df8f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
4a99cc770f31bbd879651f4a5bdab13a

SHA1
d035ca665c5fda45207db72c1d47dfa1d9a56438

SHA256
c792ef08fca6b9c5f84d6e072c19f901abf2de4408a84723e50867a0359baf9e

SHA512
3eeead33a143d585283b04ff0bebbbd3df473cb83adde15dd4872307502be32e89b82414cfaf2aef091cdcc77332f12296e12a3cd7c64f252139f83fb6cdc038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
ab172cb950650d4b265e06086e47e18d

SHA1
d49e858be73d45867e09808e2aa43bf457621781

SHA256
2ce3b51cb596634f659f56fc00bf5005a77fd976a743c4845fa295163973be83

SHA512
f883a36088d3d26285deb74b97b08fb8b13d35cde350de93c158a8dc6baf3fed462720dd40dd2ff688a761f033d26f502b78622ea25886190490f268b56a29cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
39da6fbc491a9fcfb260308ed17ad9fa

SHA1
c73615f8d1048ab516b9f4e79815a6b0b90714fd

SHA256
0aa2f12204329e840d9a1f73fb0d7a0875968771d4c25a39a45e4d70ca08849d

SHA512
24a0696e5476bb3a09d3b357cfb11d6fb9a089b352d378850f6c4b25465cd425fd5444b123ae9ee4cce72d270a59c2caa3c668a0c82011cf139a8b894523e2c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAFD1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB041.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit