Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/09/2024, 22:19
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://download2269.mediafire.com/h4n4kgtuqtwgSH69ubmbR9vkon_3XLaWevcrqr-1njMJI72fqbvPSmWz7Kf9Uv3z4IwrHT5GZr3flfluVEVF7XWdsOmkVR83eMo19KJWjxBhRrFYtPqgwjAWKQ4xp888HucICF9E_6BxUvYrvVpjSJaiY7JacADp9LXNNph2/ryn8gfodhoef7bx/APK_Toolkit_v1.3_by_0xd00d.zip
Resource
win10v2004-20240802-en
General
-
Target
https://download2269.mediafire.com/h4n4kgtuqtwgSH69ubmbR9vkon_3XLaWevcrqr-1njMJI72fqbvPSmWz7Kf9Uv3z4IwrHT5GZr3flfluVEVF7XWdsOmkVR83eMo19KJWjxBhRrFYtPqgwjAWKQ4xp888HucICF9E_6BxUvYrvVpjSJaiY7JacADp9LXNNph2/ryn8gfodhoef7bx/APK_Toolkit_v1.3_by_0xd00d.zip
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTP, 8 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description / ioc / Process:
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (openssl.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (ApkToolkit.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process:
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid / Process:
- 3748 msedge.exe (x2)
- 4024 msedge.exe (x2)
- 4052 identity_helper.exe (x2)
- 2628 msedge.exe (x2)
- 1344 msedge.exe (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid / Process:
- 4024 msedge.exe (x9)
Suspicious use of FindShellTrayWindow (64 IoCs)
pid / Process:
- 4024 msedge.exe (x64)
Suspicious use of SendNotifyMessage (24 IoCs)
pid / Process:
- 4024 msedge.exe (x24)
Suspicious use of SetWindowsHookEx (1 IoC)
pid / Process:
- 2564 ApkToolkit.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description / pid / Process / procid_target (each distinct row below occurs repeatedly in the 64 entries):
- PID 4024 wrote to memory of 4464 (4024 msedge.exe, procid_target 83)
- PID 4024 wrote to memory of 1576 (4024 msedge.exe, procid_target 84)
- PID 4024 wrote to memory of 3748 (4024 msedge.exe, procid_target 85)
- PID 4024 wrote to memory of 4820 (4024 msedge.exe, procid_target 86)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4024)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2269.mediafire.com/h4n4kgtuqtwgSH69ubmbR9vkon_3XLaWevcrqr-1njMJI72fqbvPSmWz7Kf9Uv3z4IwrHT5GZr3flfluVEVF7XWdsOmkVR83eMo19KJWjxBhRrFYtPqgwjAWKQ4xp888HucICF9E_6BxUvYrvVpjSJaiY7JacADp9LXNNph2/ryn8gfodhoef7bx/APK_Toolkit_v1.3_by_0xd00d.zip
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15b346f8,0x7ffe15b34708,0x7ffe15b34718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4752)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5652 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3468)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1552)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4636)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\rundll32.exe (PID 4964)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe (PID 2564)
  Command line: "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"
  Signatures: System Location Discovery: System Language Discovery; Suspicious use of SetWindowsHookEx
  - C:\Windows\SysWOW64\cmd.exe (PID 400)
    Command line: cmd.exe /C java -version
    Signatures: System Location Discovery: System Language Discovery
    - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 2896)
      Command line: java -version
  - C:\Windows\SysWOW64\cmd.exe (PID 5008)
    Command line: cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject"
    Signatures: System Location Discovery: System Language Discovery
    - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe (PID 4480)
      Command line: "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject
      Signatures: System Location Discovery: System Language Discovery
  - C:\Windows\SysWOW64\cmd.exe (PID 3248)
    Command line: cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
    Signatures: System Location Discovery: System Language Discovery
    - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 4160)
      Command line: java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
  - C:\Windows\SysWOW64\cmd.exe (PID 2832)
    Command line: cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
    Signatures: System Location Discovery: System Language Discovery
    - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 4360)
      Command line: java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
  - C:\Windows\SysWOW64\cmd.exe (PID 2228)
    Command line: cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
    Signatures: System Location Discovery: System Language Discovery
    - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 4780)
      Command line: java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
  - C:\Windows\SysWOW64\cmd.exe (PID 1456)
    Command line: cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
    Signatures: System Location Discovery: System Language Discovery
    - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 456)
      Command line: java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: 26f388a90babf548bf78477002b3cb74
  SHA1: f7029975d7bf8b57bc30c3a7719b10441ca01474
  SHA256: 5c4840db3688a4182b10c5beba3459c1f7343fef73fdd831dc1fa659e7295420
  SHA512: bbf0eedc56581240785cba70aa9b871429e2c95fdc6df2d9a768756a2cbeed3fc7482780a111f95c1bc0290f40ae9f8db7558e1be31f6ff601c788c1f03d8ae4
- Filesize: 152B
  MD5: 53bc70ecb115bdbabe67620c416fe9b3
  SHA1: af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
  SHA256: b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
  SHA512: cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
- Filesize: 152B
  MD5: e765f3d75e6b0e4a7119c8b14d47d8da
  SHA1: cc9f7c7826c2e1a129e7d98884926076c3714fc0
  SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
  SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
- Filesize: 6KB
  MD5: 458376876dde62a757b4b7fd41e79da0
  SHA1: aab176bc92e0ce63485782027bcfe9aaf8903dd6
  SHA256: d602cec61c6ac5447b05f749b5b424e753e314d7e34654d5c3caf53ca35a6f98
  SHA512: a72efe99a8e603960cc121f29b0bda913643e0584b3639b0d48f2683ae5c6843e2b6d39cf2f73964b3984afc4777315495f7e63ef557c37071cc33dd3592c82a
- Filesize: 6KB
  MD5: be14ea761a54bca0bcdb8ed3bff94fcd
  SHA1: a2497f2a104396510762751b3ef33cd77413228c
  SHA256: 5f33a8954a48e8c58b2bef2dac6c1ddfda25818154e6ba4013e78bd2ed153cfb
  SHA512: c017e0380c7945eeb9ab8bfe5b340039b4600de31cd7329753816d5f4bcce531d54ed1f36bfc844ceb7f999aa1a42db35b9ebde3fbdfb14b171bfdea1e4f8042
- Filesize: 5KB
  MD5: 0cd3011c6e275893c9f0df1d253a1bf4
  SHA1: 425ab4f44b1968fefb478c6a222388919970103d
  SHA256: 8dfcc885cf860419c15be852afe113f0b55f5e348c673199a6eef644f98d7997
  SHA512: a5d0f1807221295a7bebcec552e861f03dca683f272780906139add561767d4ed341e9a374ee94275226f3e1260a48a85f0a564f43b984623ea95cbfb11c49cf
- Filesize: 6KB
  MD5: 7523865209bff42a990d70d3f683a257
  SHA1: 64f02babd77980f6bd04269e610059d0b21d7da5
  SHA256: 3d2e813eaf212e10f362193b440b35977efc7e33d15faaab3b74a39efd29eb80
  SHA512: 5e8d663f648ed7450d08c2f3b073331b9add2e691817706af6e60a30864168e134e8f5a4d75567b04d6c42fad0cbb4f69051b1424442506928c95be0a270a376
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: e646c31f211c26a27349674340f19f9b
  SHA1: f221ca85ffa370d25d1d3ca3f9ccce99075a5542
  SHA256: 424bedf320df0b8d4eeae3c7eb239912e8c9a9037b1fb7b4417b93d481cb8ba2
  SHA512: cca465d313bed814460853177f03cbe0d2f11f992bf38b3ef96c005437433306a006ecd3a33448a89f25d892238712e6a02bbd72fdbd5fa22ba2757fcfb3d77c
- Filesize: 10KB
  MD5: fe49700ca4dd1feaebd67671255fafb6
  SHA1: cbd44a104e61d9696bef542107dff6aeb20ecc43
  SHA256: 2c89ed416142b677fa536b69a5b614abd4e9c87a8c568b28941ddd7253a36ad6
  SHA512: add4cf82096f75a760a4ce8f4db8c9ade25eb85c80af1dd2ae1aef3c52b9061b55ec363f3b5cb04b2d528ddb9ad32df69e99e48b561bee678b4cdcea14bfb6ac
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
  Filesize: 9KB
  MD5: a8c0a7f9cc52019bc139aa5192ac766b
  SHA1: 7ae80e4f2d86d0a043677dfd48799a7c0445afd7
  SHA256: 6f1e2489127a181f13b4e1d378e6d1cf12e7d0a5f75833bf077111b9b6da31d9
  SHA512: b9e6b1ea35b39eede35644d0faa80ec534ad5e42ebf25f3e80af6b6d3794a30935efdaac0881aa7f3c4e109e8e272d689218db31d4a4c9404de691ba62fa5e04
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
  Filesize: 9KB
  MD5: 4043a824d6b73dffc2e6a0d7818a04ac
  SHA1: b2397ded92f273d63199cefb0974f09ae1683264
  SHA256: b8902392a7cca5821d5c55e5f0aa6868a46b5ce83c9baafdbbb55ffcd8a84308
  SHA512: dd2709cdd2d665a31791695287bb01a9e2bb93f24de39c55f165ec95feab7438789f5adc00bc7fc43e68d188dcb7836c4d58ead7065b0fa4ad67a042ebfa8fda
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
  Filesize: 9KB
  MD5: 905194947da8423b541156d610194a2d
  SHA1: 9dfc385906ba5b9275a93819dd0e5490b0519040
  SHA256: e7b9cbb0cc8b7061004bc91983c7104dfa84d9612f4e73461967fa686616162d
  SHA512: 2d9a113474cb10ef4df25ad417c924c2e691df981e6d312357a41a9aa9b008787a8e89b9f2dfaa98af307209c614e7865ac998ce14314986a12742afc2d536ec
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
  Filesize: 9KB
  MD5: c74339e3b7a09dc9854d0f93e2d9c037
  SHA1: 9293c5ff89dd80023bcb046c53a4256f5eaabc2d
  SHA256: ea4e37c62e0ca6fe0416db32b135d541c3882400b05852e08510ce6b271636d3
  SHA512: 05832aab8b42331955d4902b4298edf162685ed0c0385dd224cc58e37386a4845c2527ce88ceb4f9fb7e7e9324b895ce42471aee93da9eae4e90e51b05572f2a
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
  Filesize: 9KB
  MD5: dad80d5c6cd67a2c7b27c8a4d53f48a9
  SHA1: f38ec758d931d5a7a7192f85812e85743378e601
  SHA256: c4a0a106a0d09f186665a610458dc7a28e6bf7c163058fdcb19b2342883836b1
  SHA512: 53edd27f53f4d25c1a8484d22ac9befa6aef5e98118c5742f81412e20aca523e864a79486c20cf3e70e0f70c3d340dead1bcb7f3f065847262f646929cc2385c
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
  Filesize: 9KB
  MD5: 8675440a04ab553237cbf4cc5c4eba00
  SHA1: 3df930d4cab4a1c4735c954013d1c54e68f812bf
  SHA256: 486923994c6a6c0865ea35d9b23f95f0fdb385cfa3cee54252711e362b9e221c
  SHA512: 1522598fbcfda666234c1cae8a4f4f47c6c75bb55395ead48e9b35e56c412f1bdd92ff278344ca2bf7c706f52bc8c744d68eb7cef0e832cf7f42dc7edae1d4b7