399b296b21cca504e716f53dddc8d01ab781b4592306320cb8b80ddcdfda333d

Analysis

max time kernel
57s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

auxia_updater.rar
Size

10.7MB
MD5

15806c88e2569cf2bfaa664fd5a860c1
SHA1

6cfbf0bdab370cd35c8aeba32be0ad3e121e668c
SHA256

399b296b21cca504e716f53dddc8d01ab781b4592306320cb8b80ddcdfda333d
SHA512

063bdee42547d531cda35efc46434c3c2bcf77f850a9284f38703e034732ea2dae6a9b24b92fc2018846637e8872dbd38bfdfd0a5658b2029e0e2f1398701b5d
SSDEEP

196608:96+INFAuQjoKxhO7scD3wj9LfFYk2X4Pq7sx4DORbpjI0XDEccC+/IaruOJKarbH:UjiuOoKxI7sRJLaZX4PasMO7jDEdRIah

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2704	vlc.exe
884	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
804	chrome.exe
804	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2704	vlc.exe
884	vlc.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: 33	2072	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2072	AUDIODG.EXE
Token: 33	2072	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2072	AUDIODG.EXE
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe
Token: SeShutdownPrivilege	804	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
884	vlc.exe
884	vlc.exe
884	vlc.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
884	vlc.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
2704	vlc.exe
884	vlc.exe
884	vlc.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
804	chrome.exe
884	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2704	vlc.exe
884	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2452	2256	cmd.exe	30
PID 2256 wrote to memory of 2452	2256	cmd.exe	30
PID 2256 wrote to memory of 2452	2256	cmd.exe	30
PID 2452 wrote to memory of 2788	2452	rundll32.exe	31
PID 2452 wrote to memory of 2788	2452	rundll32.exe	31
PID 2452 wrote to memory of 2788	2452	rundll32.exe	31
PID 2788 wrote to memory of 2704	2788	rundll32.exe	33
PID 2788 wrote to memory of 2704	2788	rundll32.exe	33
PID 2788 wrote to memory of 2704	2788	rundll32.exe	33
PID 804 wrote to memory of 2432	804	chrome.exe	40
PID 804 wrote to memory of 2432	804	chrome.exe	40
PID 804 wrote to memory of 2432	804	chrome.exe	40
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 3024	804	chrome.exe	42
PID 804 wrote to memory of 1968	804	chrome.exe	43
PID 804 wrote to memory of 1968	804	chrome.exe	43
PID 804 wrote to memory of 1968	804	chrome.exe	43
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44
PID 804 wrote to memory of 868	804	chrome.exe	44

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\auxia_updater.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\auxia_updater.rar
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\auxia_updater.rar
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\auxia_updater.rar"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2704

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2936

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2072

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\CompressConvertFrom.mid"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1f69758,0x7fef1f69768,0x7fef1f69778
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1588 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1316 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3260 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1084
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f417688,0x13f417698,0x13f4176a8
    3⤵
    PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3684 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1252 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1244 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4264 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3684 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3416 --field-trial-handle=1180,i,5251587707239905040,1144927482454523231,131072 /prefetch:1
  2⤵
  PID:1064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0a374908ff613ec0805b0678136ae5b

SHA1
e94525e7722e823b46b0317a27e40c0954a36c0a

SHA256
cb6c37cda570b0b44e87d72136d4e7a93bcdd9451e6d6414a6c4e8eb56eddede

SHA512
ce331f4f81edc36aabfc235993e5351ce83053b746a32203f4b39d27784e004630a06f850e2eb159aba13426f6e01e8652dd658dacc19c99c2a02eb99f6dcf9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec2091c4cb491c84ec23e4ea97cfca9a

SHA1
c52693db5ed2d93535d793b1c7ecc45efd62bdef

SHA256
301b73259d15c0bf28310def67736f0ef20f8ec2e0d4131baeae845647ed185e

SHA512
eef50677b47c961b14646351b63dda24514e5d1f35893c3e901a873989a7678db3b56a8f4235581fa596c05eab85710fff307ab90ff78371944f38a8713126d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aef3ab13a99c2e0f55b6102f071c2ce5

SHA1
a1db1fa0f45d7289b21d59b08ab747ae40df5681

SHA256
bba5203c1fb08b784aab9b7b877004200b99661455a650cce89f29e6f82a797e

SHA512
61aa527ac6e2b1acee7c2d7146534a29c4af774f57253d407f0564170d6206bb9820e1a2b8dc1732bfc6d6fd8169d0ec1cb6d040c0669f0c83332d8da68202ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e59728485ec15c633eb3e273f16c6cf

SHA1
74f6b2dc6eb71066c392713ee0edcc53ab858397

SHA256
cf054f6e2f02af2ba29ceeb59d86e0a2e1901b457f93059061cf4403e397fa09

SHA512
eb35a71c3f40535d0f826bcf31686042d4bae4249224601bcc783cca8a10e5ed9e13d3cc0e674aac9a38b1b8f9365cbcd4b495a79b7bcf47e1eca0ec75fd2f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06787072080515a547a848f67b280eef

SHA1
4f657bdc493e405f87bdf44074161812ec25a84d

SHA256
0ef706ec9327695c55083318bc783d9711d595bfe21af104e9794a1c3e0c7161

SHA512
efb5097595ddcbb1ca45fcccc4dc71b3d0496df2b385b405ec5df78b2003845da5d4aa966cbfbddf0cf0758f9b30cfad5344f7f62d037e260c7437503020c754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c5c5e380d8790098d9a1d62b5b93a0d

SHA1
ffd8963b50146279029180cc8433efc76003304e

SHA256
8fb75ee99f773fdaaf6f5f8635e04c0efac38ef9645328530df0a1c67be89dd0

SHA512
03d86e2f62f7b19b17fd5ac0b86dc944281ca54e7749c9747e18162cf497793941d83475d58c9f934ae1bfafe5dbe6408ef8b1a049dc7d5f88b416dcfb8ec4a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d6a3c82da18084afd41463dea503e50

SHA1
a9da5c10ffb7a9a6963c00290e3a47fd8fc28958

SHA256
8151e614ffe0470b801f719566a3b9a9f72d4e1db68f2361788a4175d12209f6

SHA512
37d5ce4c948d8522abaaccd3f5cad1f8a7ecb53a340c5f789813835358ea6f000126254f44d3fe059bb95417a95112a1145aab52ce751d79cc0a07ca107e2344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\95d52f48-84e3-4025-b445-8635520d3a61.tmp

Filesize
5KB

MD5
ce55d5d80c18420b1e6feeebbc6d4234

SHA1
6211923fce1c09e63885a1f0995d2f8253a91b4b

SHA256
b143575c7cceb6382af25d8a7c384a7239e7b9f92a8770ae887f013c9807dd3c

SHA512
bdda97fe6b40169a7553358097873c87ac8995d1514c58a0e87edc3370e6369e6b515d2da864f598ccf443eda34af3fff545e485f8affdee17ed76e2130a380b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
0430f301d8a8f41980cec25728abc315

SHA1
f19782d46c7b33ee8d7ef4d52b7834e480c6fcb6

SHA256
13f78ce168f1e9bc23e157c211c459559f9db05d3046644b76584fab3c197ba2

SHA512
b6224a32bf8e22d1475b9a492c39f01726a1f7f8dc1a7967aba3fc9637aed7f0fe1ed15adf5571ea5dca372f8bd8a3dcfd83fc0ae44d0c697b4415decf532818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
abbabb224936c2d134537c940ea860fa

SHA1
5818dc09f57ff82258eb3ebca1c8cafde2a84198

SHA256
dacb7e9d01c528b6a0caec80cdbeb0a62ffca49672afbf67ab8794b490f044fd

SHA512
cc08448dc4596a846424b366c5de7d0060619903fc126a84cea8a9691bedd7d0cc4962e6d298351064052c1665698bc532e01d20be8421b0406294cca030952b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E2E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8E8E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
544B

MD5
46450a2e573bb8935da467e5c89e9a28

SHA1
e668f5a2f1800898c7436cadef5bcc7bc31b7df7

SHA256
590ae463eed5a0d8e2e53fb8f25fecd4092c4299bd13f4c08a4f4bea4ed58e2b

SHA512
33c10bb82f228090b3fe1a102d79e00ca5d30bc3233f8b1bef7994fa01e5a720b7ef969ddf53018515e067439f0caca64228c55cc41516732f599490e9fa034b

Download Submit
memory/884-89-0x000000013F160000-0x000000013F258000-memory.dmp

Filesize
992KB

Download
memory/884-90-0x000007FEF5FD0000-0x000007FEF6004000-memory.dmp

Filesize
208KB

Download
memory/884-92-0x000007FEF4670000-0x000007FEF477E000-memory.dmp

Filesize
1.1MB

Download
memory/884-91-0x000007FEF4F40000-0x000007FEF51F6000-memory.dmp

Filesize
2.7MB

Download
memory/2704-37-0x000007FEF6370000-0x000007FEF63A4000-memory.dmp

Filesize
208KB

Download
memory/2704-39-0x000007FEF4300000-0x000007FEF53B0000-memory.dmp

Filesize
16.7MB

Download
memory/2704-38-0x000007FEF5500000-0x000007FEF57B6000-memory.dmp

Filesize
2.7MB

Download
memory/2704-36-0x000000013F8A0000-0x000000013F998000-memory.dmp

Filesize
992KB

Download