0b43d56b3ff8343955f5a0148ae54326b6a7c9dd30d7846e2e2865d8a10c19a1

Analysis

max time kernel
149s
max time network
139s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
31/05/2024, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images (1).jpg
Size

7KB
MD5

626ca4444b5467a6f7ef0c76390d8326
SHA1

43b0765303adeaa4aca03dcb1ec7a935bc0b2cd3
SHA256

0b43d56b3ff8343955f5a0148ae54326b6a7c9dd30d7846e2e2865d8a10c19a1
SHA512

474c84ce79ae82a88b7947e266cf5e432ce05b747672fa9e165148a653a4eabf60f855ea30a28e31bb605f600644504ec955e0c3623f5ebc5b8ff89651518c76
SSDEEP

192:KONUduNvPlpM48HIxsBhT2hNV7Y9Glo5WLxtLHpUPP0:/1S4xsBJ2970ILPHV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616447765461582"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2388	chrome.exe
2388	chrome.exe
2472	chrome.exe
2472	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1932	OpenWith.exe
4564	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe
Token: SeShutdownPrivilege	2388	chrome.exe
Token: SeCreatePagefilePrivilege	2388	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
4564	7zFM.exe
2388	chrome.exe
4564	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe
2388	chrome.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe
1932	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3020	2388	chrome.exe	75
PID 2388 wrote to memory of 3020	2388	chrome.exe	75
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 4320	2388	chrome.exe	77
PID 2388 wrote to memory of 2576	2388	chrome.exe	78
PID 2388 wrote to memory of 2576	2388	chrome.exe	78
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79
PID 2388 wrote to memory of 4360	2388	chrome.exe	79

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"
1⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe3bff9758,0x7ffe3bff9768,0x7ffe3bff9778
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:8
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 --field-trial-handle=1876,i,11882164984262013425,2070977665650514067,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2472

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4204

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\aimwhere_crack.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\43d5602e-aa32-484f-865b-b82d85d0c48b.tmp

Filesize
278KB

MD5
a8d4dad7396da2d70a69dfc7e5189c47

SHA1
4a92d26dd4f647665106bcd0494eaff8c122ba55

SHA256
5a0a4ef509d08dfdf2bac009e5b2734f39842a8d91107fb1b7403915b801f8a6

SHA512
f8f809400c78b69c74c21f8ee0c8118925c2c7b38e0ba1df81ce7c66c507867e2e62bc6a8ec56b20a600686adaebd3c68ca2cf019c25c8fd706d9496a6c6c93a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\111da402-68bd-4b3f-9438-2aa976bde319.tmp

Filesize
5KB

MD5
48a5ec3e8fbd3a07f2d493e7cff95377

SHA1
39933fb8622054959de4e2f81edf2d2f4cfe0b0a

SHA256
483f8299eb05b93cdee2fbaf6327fc348ac88b5660c961f8754536f8330234f6

SHA512
99f97489f5e786df149f964bf9c71db5b2c55ed1eae5349572ee7211bf899f7c97be488eedce3a050d14cf9827d87c180c828a41069df31ab56c5c65fce9bec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
22a87c83eb886bd677e2c50cac71afd9

SHA1
1a20a9f6fe7ab1488b8c3dd67a688b08c0e5cba0

SHA256
7171818f25c765650524c6072f95afdeb85a2cfa5b6422d70ac5bbcf8287250a

SHA512
3e58faae7285685b8119806edf050ebd00f5769c64dee67523c5cf325bd163fca4d0c0878d664e1c6c4cb0145bc11f120bbb0e146489e8d0985cef3fa5c20703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
01b56eb5e2cc8e5e595835a3249248bc

SHA1
37bdad36c77cfa164f66b376e7000e970284ca89

SHA256
95c129cdef18f2611179d912dfe04ba80e0ad7d6771ccf1781be79a1630bacce

SHA512
5bf346d735e793638729a65132b12d442790ecff352a300302096e7a1744f37bf97c8cec9e8f232b2ed8cdb2c2615b640006c8c0314fac7f24ada75b680ba344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5ea6a951de1be643f9c0ca6548a2d216

SHA1
950575628b5b717f1971502b526ab7bf812c89a0

SHA256
ed18cce2dd5a2253517f42ec9882b7fac5133b49cedca56907ec27ea972e7a25

SHA512
a01a6a40dfa0b167f5b3306807ce47263dff4ea5b4b7b2f73cb7add610a84779eab816b921fcaa6bf447aa85a5941836ef3be04fbe0c900621e7af3129cf9a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ca9102dda3ad7d29313f32c11bc9132e

SHA1
886953f7fabc76136fb9d39ffb7834669be9bc88

SHA256
b5160bc9d7322fad33c5d1324b5c5190ca39ff770c67f6b7cb41c00752a292b6

SHA512
b74453c9d18496517033fd4f37604b94bd4596d03505458757cccd26e8be71c7374f27ed4e0165c816966cdb5b78eb16e49382eca58b61401f818b2846ac412b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
be3fccc73060af0514526246c58ce741

SHA1
01b97ae498211938ea68a0eb8da1251d9666c302

SHA256
a3cdce996d23e540e8a04190ae3fa7a189e406ae45c30e515651dd27bf519364

SHA512
d218c4cb1141da1224605c10be394f1530960dc9effe2eb3f1b162e09e4237b86f8814c57bbdc63bd6a6a58e85e598a14f8f47744d9e0a805183c4b370fa9f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b082a541b0c0504bcfe154f94e5a08de

SHA1
c95e3952107a6ee5433e8083e175471513f9c2d0

SHA256
00d94088afbdf761e40513482b2e0f26d6755d6fae19d4d81e02b9a0c453c5e2

SHA512
6836ddd36c0012bc20e452ebb5ec4be78e077e07dd296de24583f655336260dd1e3a6839e9f5f56bad2a1739cfacca9c3ea2315d14112969965617de1724155d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4240b6bec3756124358c628be449d73b

SHA1
0550120e04a5518841b72d82287e5ce57f093a48

SHA256
e307f6affaf5fb2700bf3f5ef316a42f7c196aa1ff7d0091cfae603553f24ced

SHA512
50e17376d706c6658b388454071e19582897c7cc6e6d8b688faa9e91604ec42d4f90cb1574ee13cb3202615d530d64ea6008d98f129d2ad5816f86950c7dd554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
0311723d16b3228691a1974440f74d9c

SHA1
330ea2c22d6077cde398dcd3f19f70422e5a01c6

SHA256
99c836d770cfed88855819048bbe5bec18f4539a89bad753ded14e79d7d6a333

SHA512
830afd2bbadd396d31c1357ced55da525a0af19be91e1205b8f796795cc91dfaa931d596dd9441785465f88fde0cefc72c417b03a6f4a7e9a3a5cabd5343cc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
aeb62bffa4fba5291fbc6829d0d8e793

SHA1
7ea891fd7fffc5053717176d119d10e30c981a58

SHA256
cbea8627eb37793079fae6454425b962fba6b8db7df043fc39d2c4ff0218f564

SHA512
2ace099cdfb740d35c9dd66d0afd62e75e656a484fefa62b5660d2e65a3c21da9ec024f47642d473be9d649933512754042b81c4de58f155ac71bd547c97d40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583880.TMP

Filesize
92KB

MD5
6c06515fbc06fff6ed7100b2dd524866

SHA1
9df758c74c7ae2ba39bb67e0d2967521257393a4

SHA256
556768754a051595df6f980f72197f7dca2aeacdf12627318a1198ea5424d0d5

SHA512
fe4fa8fd4b5c7eb40ffd228b628ea59dd4329b0530117d1af51fa80b4b948ade0f818b190e99359422e52d1d35545800c36dcaddaeabfa04abdb062801fa149c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\aimwhere_crack.rar.crdownload

Filesize
202KB

MD5
21d82d6e2e02ef14bee2ce542c26ae6f

SHA1
b4b589a651a6a4e665580f8bf2ec1699ee459080

SHA256
5aebaaaa088ed2e0e3d73a15d6768740c37aa0e2849700d0a2cbfbbc44b31591

SHA512
e6ae7878f81ac760de69b9cae83e0299418b0d8b0fa2fb9cfb0c66610ad94f0b413edbcfb257d6e8555af619551a7b85f6be94decf802daf5a143c73fc777cc0

Download Submit