From fbd681d5997b46ce32fe8b9edae5dd5cc678db76 Mon Sep 17 00:00:00 2001 From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com> Date: Thu, 7 Nov 2019 01:23:13 +0100 Subject: [PATCH] Update analysis.md --- North Korea/APT/Lazarus/23-10-19/analysis.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/North Korea/APT/Lazarus/23-10-19/analysis.md b/North Korea/APT/Lazarus/23-10-19/analysis.md index 295c52a..8fa470e 100644 --- a/North Korea/APT/Lazarus/23-10-19/analysis.md +++ b/North Korea/APT/Lazarus/23-10-19/analysis.md 
@@ -56,8 +56,15 @@ ###### We can see the autoopen function for execute the macro at the opening of the document and the data of the malware in base 64. ![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_4.png) ![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_5.png) -###### The backdoor begins to do the reconnaissance actions like list the process +###### The backdoor begins to do the reconnaissance actions like list the process,system informations(Username, ComputerName ...) ![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_process.png) +![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_systeminfos.png) +####### This list all the disks on the computer and all the files in current working directories +![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_disk.png) +![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getinfos.png) + + + ## Cyber kill chain ###### The process graphs resume all the cyber kill chains used by the attacker. ![alt text]()
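Review bot: the added line `####### This list all the disks on the computer and all the files in current working directories` uses seven `#` characters, but Markdown only defines six heading levels, so GitHub will render the extra `#` as literal text instead of a heading; change it to `######` to match the surrounding lines. The wording of the changed lines also needs a pass: `list the process,system informations(Username, ComputerName ...)` should read `listing the processes and system information (Username, ComputerName, ...)` (space after the comma and before the parenthesis, "information" is uncountable), and `This list all the disks` should be `This lists all the disks`. The three blank lines added before `## Cyber kill chain` can be collapsed to one. Unchanged but worth a follow-up: the trailing context still contains `![alt text]()` with an empty image URL under the kill chain section.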