e7cfe19e2f7b88620b0fde61891065ace2b4a2c200aea8e1ad82c4abd171fe98

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EZFNLauncher.exe
Size

6.0MB
MD5

cd48b5be93cdbce97532e6901a9f2ab0
SHA1

4c04d9357f2ffb49e85b0b561d7701b38246880e
SHA256

e7cfe19e2f7b88620b0fde61891065ace2b4a2c200aea8e1ad82c4abd171fe98
SHA512

6dd9a38f998d3d8d8eff3c3b8a0b59f08a244a9279d7ea293d176e58f50a16e853147b2495e20702256a894603c9a3e9e916a1d51455616a900e2360c5025cd6
SSDEEP

98304:qAEtdFByEamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RyBMTv3OssLSu:qnFMleN/FJMIDJf0gsAGK4RyuTOWu

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2748	EZFNLauncher.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019244-21.dat	upx
behavioral1/memory/2748-23-0x000007FEF6230000-0x000007FEF669E000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2748	2696	EZFNLauncher.exe	30
PID 2696 wrote to memory of 2748	2696	EZFNLauncher.exe	30
PID 2696 wrote to memory of 2748	2696	EZFNLauncher.exe	30
PID 2620 wrote to memory of 2652	2620	chrome.exe	32
PID 2620 wrote to memory of 2652	2620	chrome.exe	32
PID 2620 wrote to memory of 2652	2620	chrome.exe	32
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2684	2620	chrome.exe	34
PID 2620 wrote to memory of 2232	2620	chrome.exe	35
PID 2620 wrote to memory of 2232	2620	chrome.exe	35
PID 2620 wrote to memory of 2232	2620	chrome.exe	35
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36
PID 2620 wrote to memory of 2096	2620	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\EZFNLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\EZFNLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\EZFNLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\EZFNLauncher.exe"
  2⤵
  - Loads dropped DLL
  PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7149758,0x7fef7149768,0x7fef7149778
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1776 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:2
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2876 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:8
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3752 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2320 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2272 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1120 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2348 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3044 --field-trial-handle=1444,i,920001389432684219,8209683938605911834,131072 /prefetch:1
  2⤵
  PID:2260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7303544f0ed386831d7e4590f8edcc

SHA1
cc1b3bbc12bf5aade5a5b6f2b6a1f76f47a03047

SHA256
0ed1f1cc293f77453723b50996154c9230f3363bfc7ec85981a8d535619c57b5

SHA512
b843ec8be5581afff75d5b8165d711ef3fa00e1fcc90181ad32896ab700f94d8cb0a309e40affe20207be4411133bd837dddb13d35fb90b18055d6e7d9cac45b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8dda0e8db37666f6ffba91ac652b5cf

SHA1
662c114ffd23d8022a1cc466f8ce1f715f66aadf

SHA256
205ecce5494a2a162ef0e0548ef57f3599ea181ca1ee1e3b097bfd86bb0f0bb6

SHA512
d08554ea889706bc7d93e9d8ef15a41af5d1742c84b444a053e20205b3e6785065714c56ccfe1232f8ce3730bc176c0bb7806c77c26c0d9c77a5f8fc9d8b3ee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8586eed8f15d08007bdca8eaa3f370b

SHA1
79cd1c23217793138ecdb479ae0a493abc09a5e4

SHA256
44e880c497cca505579dbc94933545fde59c4e0fa64f27de88d6f5efc08ae5bd

SHA512
14e08f75ec53f413759ea6afcc8490b3df8d5d7a90a67af1a85ee7b6c27c39256de268a336db180b2eb82875e9f04103ea5c02751e3b111242fd38d7c1a47165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0ff06ccc424d1b48823c3df76a7fb76

SHA1
ae17755d3420092c50c1440d9f1b34bdc01ce529

SHA256
d6590c0b679dcb3ca028865016a5b6305bd03a4a03929ce1733f5b08fb29ff04

SHA512
e75f286cd015404ba82652fdd74dd61e64d768e0d812250f0247ad0b21d5b8a497fcbc8fac4420403d2f86e5e4090e67e357445bcc9a23dd5664c05342ece610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c251ef94f5ed18ecad967cdb472d427

SHA1
2ba896670088eb5d455cdb0c4a9f42a382fe893d

SHA256
0216cf2cdafd73d849459089358e8e189df0c9311f5c81ce260b1555c092a2dd

SHA512
a3469fed2bb77107282590d8c15c697c16b65cb5e2d44b42287a600ff34ba3f65ffb8278bcb7f18d89d0cda91496871ff0c34ed230c346f35e8f7851be407c4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d731c50eb977a71956727627dc6d773d

SHA1
4217f10125e8ffb94c0d51509bcc195b261ca1b5

SHA256
96ddd4e38a4a70847297dc032d93beaaf6afc58966db0929982d194b2d44498c

SHA512
71544715996214c641202035a085f6609986452967e7214b7b2a8f87b0eaf314fa600903f9c6b3021c0f811c1dabac69e72850aa2f3ff197583eed19be1afe71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8af661d9319178a6e4ea1ee17d7e1ea5

SHA1
8c76736ecf6a7136bc25c581a33d7ba722074415

SHA256
02e12824423fc3cc10128a9bc6dc0092ae91e93284215c2441c312e002302da3

SHA512
a536a0b60ccc3a0c13916bb3dcd20cca3eb700ed74ce9d0990e845bddfa5156f41e30b656e2605f541326dc56890e63ed75368cbbd5817d3d8f770d786532e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\733e0a59-dedb-4698-a313-c4d9ac4868e8.tmp

Filesize
327KB

MD5
ffbec226d866c6a48253ba3fffa27f6c

SHA1
e6d80fa9af8c4fa974366319d9f65af7e8930d0d

SHA256
f7bcafdbab96a441519aaa83573091f084042e5f35e1efeaa92ca08b84112d45

SHA512
3ceea9dfbb009f81fb2bbd6644b14aaecfec4e8bb88b7c49b44a01129f635af89c46581d66e1580bdfc02f52a6a82a76251d8b65ec945f28c57f0aa327ed386f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
70KB

MD5
e383ef862f4c7f2a0c8914815681208d

SHA1
e280c3d5ac7a4168711d8ffb5943c86fe04b9d04

SHA256
37cd92c2c53e7a916e02f3c90a58ecc8510dd2663b6c8ec44407765802c9a90e

SHA512
e665e11c24e50520da6b83f877fa45fe94ed6eb502c4f9bbbbdc2fe539b54111d0a7c442c5828b1f58d000e3f90f33ab600dc9f120e4eee8748931378b265c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
418KB

MD5
c318eeffa9849723ba4364627abeb390

SHA1
b00ed62716025162e8e8c64f6a5318977650e375

SHA256
f16ec2c1ab973254d833e6a5f115b3562839b19ca1b276f5ab1ed2398fde420c

SHA512
927a608adc871de72fdf5b36b9e6f6ba3cf2bc86611866bf6bffdfa29a899be4bb72f3c85b931ce3333cefb07842aa2d60dfc7a1aea1a0f7ac83de9ce45d0ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xnxx.com_0.indexeddb.leveldb\CURRENT~RFf778f25.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
e40449ba974b622f20dd4a0b57bb748e

SHA1
099760f1986434dda575f71e5b7da954d4dbc31b

SHA256
8c06e84f75d533067c5cdb2eeee9172b6cd25e51471b955069ee9d5cd909d6ac

SHA512
6edf430783ed38d0fb79d449abf1eae950904eddba8f3b74824d2d64c433861451e6017b5938ac4c8060a9f331281ddc93a1d722b759650cb9186e888cfdebff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
c8afea86ab01fe79c66b48d608e66c8d

SHA1
63a8f5c5a87774e9adb0183cbc55114cae0d2343

SHA256
535294b6c35ad186e29cdf6b490f4eea3fe1809607243b31a9859c9f3f0206bc

SHA512
f9a6d165c764b5e2c3310300efe7094eb7787e243d1b54f4fbbdffe02a271d61f638923b80fde9416cee7c939b81aa188b61a7d7e8ec9a6c7bc378284a25d8e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
c1ed1ac005d7dc0df78aba5273f6e58e

SHA1
845b82d7e853ce59290a7e4a311e20eeac7d669a

SHA256
e3182cac239511aef7572255357213325837198b95be8a850f89c0cee320e237

SHA512
cf53c456a31730b6820c96dde5f32a97812b29e1973fd4db674d008fb984988a6178f6e66cafaeeefa5a63e5b47b536a87b82d6952241bb0666bb78ae7069b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
b14978f2f6b271be4f3cee27962ddaa8

SHA1
9a9538df0b3f6b7b21a2f76105f950021aca6273

SHA256
eac6185eb5db7114d0241265b6725c3b93af1315baae8a690d84aa0e60e79e95

SHA512
6f44c5f4a334a18d54dcf9c776f51c38ab704997678d2ca1c5f0b862d59ef1204143e8f75b6d3e7a88096e0d3fd12be32dae82fc83eefd441a0e99e84869ce7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e58bdd6b604909ddc7b2d48e988cb4f

SHA1
2af340f02e2d7f4f682052459f73c61397a8526d

SHA256
5ebc251c1af9f07b4d472a3cd9424440fd87ddda3753eeceb50d230a5e858a36

SHA512
f9b72fb440f40c12cc17d32091cfc8dd4b47a02bcda2435a733ba01199dbb46edd7912f2f341ad89c68c58c8faa1c74276536aaa6f418c87a99c2e34805b0bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fc92844d57f777f46b9487a24c7c2bbd

SHA1
1081675b533b7f377ca4c9d07324a4dfebdf1937

SHA256
c34694bbbe5f8d07b2d6765e8392d2e707a06d6f644146baa75441f70fd96541

SHA512
7f84342f04f2336f35bf122e4fb0b2270334ad834e1ad6f461490792a9056acb996016440de9b0033306e841c59276dfe6c0c061fa0a1a0c7407d2de2ae1c30e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
942ebabde1451864a42976730f422a0b

SHA1
0271012bd01f235dac6d38bf6558ed829686cbb7

SHA256
0790be861d67c2da0d6753ac1564839ecc75e58e8ed0a3d41c2b89a29a4580cf

SHA512
03c7ed59094f554bdf6dbd486b9fd3bce1871a8ef8211cea00a060690b9d8d0de8be232b71f7585dadbb1bcd35962b09328add2a9e0ebc30eba12eae417e9345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91e572d7b5ffa952db96347b3eb04c5c

SHA1
81d0d0f5e0cd4e8111c8c6d0468e343c99b363dc

SHA256
7da81b6e17ba434d1478efd99f68838aec93f796d5b4acd7bc8ea73ed47be709

SHA512
43bb24a9e62b723836d7a8567db9532324fdc6f978ada519138c437ea6b2755eb0ccbaedee3a37daf98d8196f41d7d8b3b80ff4c05546e288e49146aec7527f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c8cfd97a61197a999dccd993737060b4

SHA1
519f6899a88300794b27232eabdfe7e01754f599

SHA256
068deef67530bf46f96f0f66cfa37ab58c4969650afa4ded7519671b7e9a46e1

SHA512
9fd9b7fe4cb39a68be19606b4ce65ecef16d520b58acbedad850e736d3d4133296c593f4652f04d39e0a344a5c169bd8237c5a681e6dace501060b91e3493676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
327KB

MD5
126fdea9938f2c708bf529a90b7964d3

SHA1
55bd6473c1fac9befd4edc35069bfcf0dbf4355f

SHA256
020edefc87f7f002622e038505d6acff15bae386ee1d69c4be7e9d093607717c

SHA512
649f67b21b1ae9769c1ef9817c616bc33cec3b1f25d1797f1acd83346032f2f2afcf21a7ee76a03f38ed241944d0cbcc69727e47e803fd57c05b61f3070e82c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18C0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18D3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26962\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2748-23-0x000007FEF6230000-0x000007FEF669E000-memory.dmp

Filesize
4.4MB

Download