44caliber | 1862de02fa8eff612a8d616c5d405bc5898c35fd3cfc74c6b8ceeda8b5bb8db3

Analysis

max time kernel
67s
max time network
143s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CR9CK/CR9CK.exe
Size

303KB
MD5

d58c2577966ca8563fd69729151f52ea
SHA1

efed2d279e6b2a23a46392731cc8d36411bcdcb3
SHA256

4164f7408da2a5a31318d8a6da3c17546f6782822a07e928c0824401cce69830
SHA512

8502777f3ddca95dcda8f1962945f6285ee0fe2a2bf008d35066bf0b6eb97733822d7ade6c6b5134c64036d2a2d80802641529283cd30d757bc0b552a5fc9b1c
SSDEEP

6144:Uz2ZNT6MDdbICydeBblLIGv2A5siP6vmA1D0g/O:Uzi5IGv20sKM1DbO

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1259949517135151126/locx-MKcF15uY85qiDh_Kt5nRCte0luK62KFHfEH79iF3r9uRpGPhsG-g9YijITFCe5d

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

37 discord.com
38 discord.com
39 discord.com

flow	ioc
37	discord.com
38	discord.com
39	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

CR9CK.exechrome.exe

pid process

2692 CR9CK.exe
2692 CR9CK.exe
2692 CR9CK.exe
2616 chrome.exe
2616 chrome.exe

pid	process
2692	CR9CK.exe
2692	CR9CK.exe
2692	CR9CK.exe
2616	chrome.exe
2616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

CR9CK.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2692	CR9CK.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

CR9CK.exechrome.exe

description	pid	process	target process
PID 2692 wrote to memory of 596	2692	CR9CK.exe	WerFault.exe
PID 2692 wrote to memory of 596	2692	CR9CK.exe	WerFault.exe
PID 2692 wrote to memory of 596	2692	CR9CK.exe	WerFault.exe
PID 2616 wrote to memory of 2956	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2956	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2956	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3044	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3052	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3052	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 3052	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1656	2616	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\CR9CK\CR9CK.exe
"C:\Users\Admin\AppData\Local\Temp\CR9CK\CR9CK.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2692

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2692 -s 752
2⤵
PID:596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d99758,0x7fef6d99768,0x7fef6d99778
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:2
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:8
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:8
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1592 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:2
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2892 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:8
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3752 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2456 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2256 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2084 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=724 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3132 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:1
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:8
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3744 --field-trial-handle=1308,i,7252032957312444328,14626698917556058920,131072 /prefetch:8
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x548
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
45ecec5cc201562a2cc0f8bc051adb1e

SHA1
b3f4dfb9f2320a47c7ce78c0a849969de1a0da74

SHA256
cab17fae6a4038b6f7cb644883bc917634427474d05dc8b4c89f593fff4879a0

SHA512
915f1e555f84c9a756907c8d089bd26a1330b47885150c980be3cc938e82726ce2401ecf7399970506845e11e34fd82bc6b16d9210eb776d67db860ddec11fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
35bede859715446b30964c67eafa00cb

SHA1
28173e5dd38c940e06a69be8f0cd733955462bd1

SHA256
fc9d8f9d054bcdb6793c5c8e5bc88ea7f643874d605e2fc10e72194e1e33ad68

SHA512
8e87370552905a163e476761c42c6fa5cbc56eb8a78970ca6d7242c63ff8c2eeb10cd9da185de81d072c3ad01009c1d8f8266aff5831da00819c20701a9ffdda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
79e3c4f1bdc68b88f94d3b1c89ac7d90

SHA1
b8e3de496b3e1254150d778767158935c00f2aa4

SHA256
4f760b0c0c16b149ea6e8b8d4b80e833b3c21a9f6f22b7fa80ff92c78c40cfd1

SHA512
0c93d218c08c4686178d7b47be9addf2ee8746b53050829d92228a21fec1e09ac7c928ba9274eea3cae3b6ca7ac4109a8f4c2a9474a488d9f3cee2849273fa30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c1ac4193f9a03ba993cdf1c251d3a151

SHA1
5aa133734d34bae22238d6cc1895182a5319af32

SHA256
b43d51d7a3f336a6a9c439af4f40698e8ae7628189b7f1d74eb7fc7a7d6b1b91

SHA512
512007438a40024e2478cbefb242ffaed60c4b7e9d12782ee51d945ef16bb0e4a3d41f9862ee57e6f6e5558fb201efdb95936cd4d4fab292bf51448e285bbfe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8f62dbab08960dd8837df03d38f12f52

SHA1
0655c1e1ae2487e8553dcadf17d3897be95d0bcb

SHA256
acc16328234c6882de5f5ac953ec52ad270c31f570df4d434547f787ca13e771

SHA512
4f840777b50ffad20c9b394cce50f903cf72caa48fa1c5e957518e56b3898a510c826487abd7321cb883d189ac06c220fd2bf4de898c191357866a044a03d927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
97f5923d68e5feaa8c1f85edbb5af3bb

SHA1
21f43ece9310db3a5c131f21f359d70fe55e11c4

SHA256
9b2ffad891057f4600b5444b7edf8870154658a1981f0f11553d89ab5b329b2c

SHA512
c2e73935e633fc1b2ae631ef39cb1f6c34836d8cb34c64fec60aee84b480324033c01222fe5e315b96bb493a088334f7ca887f274d616ba0eeaf3a1199948f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\377df1d2-b9e1-4e4d-9ad0-2c2dba5bbb57.tmp

Filesize
6KB

MD5
127d0db7a5700f4a249ca21b0d636e4b

SHA1
8281f8bad245aad90862f89b751704d9a9955726

SHA256
c9dda7d59bcabe9a751c4a0e3fbbff417323fbdee65f32a5dda57e1bc6f71e5b

SHA512
1930cec0a6705656c61eb4cb50fe74f9d8ff482c9ef3d419c8738b8ce237eebcaad6295718ecf35f5c9acce309a008ca40bff972129185a8103216248fc88a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
76f01d98ff9ca953ef9578984985903a

SHA1
b27b21f9bd8ec0320f1a30f67b321a3ec89cfc31

SHA256
87b58b206beeed4df24e9b8e4cebf6b7f1287db07d6de61967cc3d161c660e95

SHA512
b345c6c4e605bc53cefe9dfb4730f8356bb5e2097641c7222e407348ac2033e7356fe68caf7b5a032ba3e82d0121848034d1b35f98118cbbde65f24368f49915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b0f8f79e2080aa2c1326790605f6ec72

SHA1
9eda6b2d4a9177256a5d13105cf70a9366b28390

SHA256
9b69c8308e0c5994fb513625831b5756757ea07a91ef3bb741a9d009b68bb2d4

SHA512
bd5f1a62bd07adb0c7c70813541da61c677f3c4625aa4cc9e99d4ee701f7503bffc1868e2823077502b5a23ebf41dc26cf0ba4e1fec5bd8c02dcdc3df09ad2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
491f7db01bba10dc471448fc7ed2c243

SHA1
b7e4a2f1a17d3fd93ba670e25d10d8fa3f496395

SHA256
94184d0cfc9f9b18b5eef610efa9ab2232d8ef8f8bf47c7b8b18bb6e2f45593e

SHA512
3437ee5bbb839b1c165e8f820729c637d26088490d2f87a4277bb927cce670980c53ae2c8c754df36369f2ea0e10712ebaaf4f667ad4bc79a1f08255ef8e172c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
7eebf18ba8c8015dabed8a3e6b8840a9

SHA1
1e9e1f2be39e6f56a93577e0c1edb4d5b60cbae9

SHA256
594237c0c2f528672144f53da18c7709602f8249f13f9eb487d8a991250c3614

SHA512
a319aa6799cbd7648ad2628c82b1045ff9a00b26fdfa106e0a74c20262649d6c5b3680dbd0b95d65b9f3dbca9d4d54cd354fdc756f6862ee682786a7095ba233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
95f849f70517215f37633d273abfd90c

SHA1
ed36ca231c43a69898097456edd4e3a2e15bc4d0

SHA256
f532b0bf7f22c6eb95bdd366b0557d48ce80dfc7c6692ab958b7df5952840a55

SHA512
469b921c33c1bbc640a888948d445f8a888ece13e9448963cf4f8a15f7d3765c2c0c8c6d51e53cc57997e1bd97ecd2883d6b27450946c8b6a74350c2a144e750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5dfdef76e593a285951288665a1ba709

SHA1
e5199ea3040733539124a6070eec479d9dd5f12d

SHA256
93b4d71b66f4cae7d5dc92cdff45f9fb4347282e241fb2f2e467e0a5d0dcdd1c

SHA512
975a92de6b82ebce1184e02a53f783abd49673a0b339ec25ad5ae3b15274d14a09e9733b631a36aa74837de141ba2dbace3c99c167bdf8cb42402b409317b6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
af5a1f1fc20442b2300982b71df6a790

SHA1
c23cb936ecbec984aee49ef4b16504debe339012

SHA256
27429340c0e5772e7fbde4d0a89b7e87666fbbabaece2903fc84e582d7dd4b67

SHA512
158ba07138d264c60b40ee8a9ec35e5345143d4243f266a66c37c2fe98e9a1b03467598bbd3ce08138ce0419aeae530a81d7b8c0cfc73e925a738ee817a1e15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
33e63d2adc91754d34b05241118fe962

SHA1
ee4bf64b697044b786c90fadfa8818489c39736b

SHA256
3849cb8cb379a13e702b538ed4436f40694bf98d88134096145cc26ad08c26a0

SHA512
134e3ad5da104f679e60e68c588a40160ecbab538007fbb50b17d22e36b09f7c049809d84f510eaaf0a894d94918add8f8346c3b04d727df0dc827ea14fd0cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2f0a57d24c57ad3e1fbef77dba55469d

SHA1
a533ba0c30001f0958062e7f46db62f1aab89668

SHA256
8ab918cb54b854a093106f94da75d85247937ef3adf28c2def0704ccdb897c53

SHA512
bbb3d44440d4b875f8931bf581d3ff93a6db74398ce823e683d697d9a739116e43febc77c4e0582df384862f4fa5e62b052a45558f0216dce94e04764542000a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5f604847c640a039400e853b6fab78c

SHA1
5b93e57f13f8725cb54892963d2a1f5ecd0e4267

SHA256
3ab789b11d77e129d190beeaffd7f15accfa942374b3d76b9b0b9ff991d6d2d6

SHA512
e3e8941ce63669bc7c46f1a926d2d3df6e12518298bc12caab21b8c75efb8739ae737c4cf54e67fc6c5a3ac5c98a72b8e35f5c901681134b4aa21e8420c43b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
54d120a215dc924973ee1ca6dc96a710

SHA1
243180bbf08872141cf8499131f1cc19c156c85f

SHA256
f8d7a77698599a48433035945a7e32474ab97228ebf7c50d91302f20c9d22e90

SHA512
489204b45e463d496b5c53f720c477ba30652a64efa2da276d89004a9c1f2393c28ffe9bf36db5baafb1728f21ccc0e447b78dd6d63be2025c96e3e2d15fd91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
309KB

MD5
0b18bb3d4820c8a6e0e316fea5c7b717

SHA1
ad91d1d5a5f81cd01700f2f6cd64149e1f8f3054

SHA256
8821586dd643fb78a19d4eceba5ccdf3410416d4bc6f56fa5f57041f7889dbc1

SHA512
7c62efb93aa9b43006f888b58d4206aaf8a2513a377df47c83e13e482a67a9156cbe5e69d0372e61d1e4007e055ed495b7ad293a1bfbd5ea1fc2cfb9f90a96d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
309KB

MD5
29552355dccffaa7989f220172aeee57

SHA1
c883a5c28bab4615682aa1bdee484b9708a86078

SHA256
c2aad050311fcbde26ef4517b46c357eb39416928ee1121f9f7b8d1a7d5959d4

SHA512
e2e646850b402b7cda426607aef80eed1cadee3ddb455c9b68992ba49165029ecaf9f98763092c6bba1d32d7bac7d2e4df8ab143979477c6669454e0e3a9cdc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F6C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F9D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_2616_BSWTTJURASUCLIOV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2692-0-0x000007FEF5EB3000-0x000007FEF5EB4000-memory.dmp

Filesize
4KB

Download
memory/2692-22-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-21-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-1-0x0000000001260000-0x00000000012B2000-memory.dmp

Filesize
328KB

Download