hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

23/02/2023, 03:18

230223-dtzaasee76 6

23/02/2023, 03:06

230223-dl9fasee57 10

23/02/2023, 03:00

230223-dhndnaee52 10

Analysis

max time kernel
69s
max time network
223s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/02/2023, 03:18

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
2540	SCHTASKS.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1248	chrome.exe
1248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1232	1248	chrome.exe	27
PID 1248 wrote to memory of 1232	1248	chrome.exe	27
PID 1248 wrote to memory of 1232	1248	chrome.exe	27
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 364	1248	chrome.exe	29
PID 1248 wrote to memory of 1140	1248	chrome.exe	30
PID 1248 wrote to memory of 1140	1248	chrome.exe	30
PID 1248 wrote to memory of 1140	1248	chrome.exe	30
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31
PID 1248 wrote to memory of 1680	1248	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefba19758,0x7fefba19768,0x7fefba19778
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:2
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1172 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1312,i,17977683189535032873,18077767342310659102,131072 /prefetch:8
  2⤵
  PID:2076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1736

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
PID:2260
- C:\Users\Admin\AppData\Local\system.exe
  "C:\Users\Admin\AppData\Local\system.exe"
  2⤵
  PID:2472
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\del.bat
    3⤵
    PID:1004
- - C:\Windows\SysWOW64\SCHTASKS.exe
    C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
    3⤵
    - Creates scheduled task(s)
    PID:2540
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
    3⤵
    PID:2560
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
      4⤵
      PID:1012
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
    3⤵
    PID:1872
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
      4⤵
      PID:396
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
    3⤵
    PID:2596
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
      4⤵
      PID:556
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
    3⤵
    PID:2588
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
      4⤵
      PID:1444
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
    3⤵
    PID:1296
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
      4⤵
      PID:2044
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
    3⤵
    PID:2244
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
      4⤵
      PID:2660
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
    3⤵
    PID:1652
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
      4⤵
      PID:2344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
    3⤵
    PID:2684
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown -r -t 10 -f
      4⤵
      PID:2744

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\1.R5A
1⤵
PID:2212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x19c
1⤵
PID:1004

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2120

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b3e28cb4197fcc0744f902a7fdbf0b3d

SHA1
1999af8d26886376cbb6c0f1402b25ff2544388e

SHA256
7c73d70d4ca8a4e187413660fb6f7bdb3b2199c9aece0b4d0e5a7748c8397b51

SHA512
f55919151479c3db3aa2a79c6de7a6bcb57d402a5b5f36ebae326da05f7da025f809992db7ce55ce1b1b9ef92b929a71ecd82436c8b7cac5dd3c411ebce1c529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6ec708.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c269cd0a576f069fd36b26b496cf1acf

SHA1
c76d6032824e0df45a7b4685d550664939f7c0d3

SHA256
4fde16e559091d92c035323a5b39be883102d87a870ae4459849c3bfa467d110

SHA512
9b74c28380986c2a6f8c8fa708d7f206f67d721153194bea3567c45b8ba4a689ef803d5808a077db6e456d625974646b34e5e027a055123634d45e9c341dbc2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
32a5778ce6de62c8be06211b85bb2f8e

SHA1
44a769cda154b3a51ae286d39665f528ba0b3e0c

SHA256
528487be2c1c0febbc595025e1a2fb53162959168ce5881916dd72a7322e184b

SHA512
6c09b762689634f52b8dae0201f360a90a322224f415fa314a2cac5a7546437f9692626246efae903c5a6e96663f3c079cb14de6764b9c9c86ea44d943887995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
824baaf9545799f0674d7308f1aec9a9

SHA1
c756f1a805b5ee7a8abf3bb2ef5041f236698e18

SHA256
bd3022c524d59cba39075cc5dc7cb46d87d0511167f8ab89c43ed18196f0673f

SHA512
ac175d14721cfb395c29a84fe9109752ff1dc28f20549011b72da811b4d310cabddfb0de788c0abdc79170dd5b5c1fc9ff9d80b3a3844f3f244894ceda275e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d31bbd44200a890ccc135b270bac6e1

SHA1
ca54e8f3e4507bcd1abdb9968159c97685d3129c

SHA256
7e8391d5dd951dfe1eca46748cacdb7df2426623e8b68d1ac6ba4f53db0ede46

SHA512
676721dd76167d4101145948195a99a70ca98b2579ae8c7bd25f866a0eedec4f5c29da72eda5a37937b33c48c486b8da5a49931f60cf59f8faed5863ca02443a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93cd4c34251e530e0a11ed17b3d038d2

SHA1
3a2d56a3be27370b57da8f122bf5cfb01104af23

SHA256
90a3f7f2823865689fba35a0d066fa733fd02968f776b26ad9ebbebafa3a0437

SHA512
b42ead128f84b6a53cbc9cea05ac0078498f3c7e00215c243268a4e9fc21af4b863cd2108841426fae8420cbf1b5ff64130fcce18cdbb4a546a88a776607f364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
546b37f760e20fa0ef90365e45932430

SHA1
d614ff83721e664110837cb19adbe175a452e3d8

SHA256
51fe5c6a78a4c8486ef39ed0d5362bfb6c98693b50f7af846c1932586b25b578

SHA512
801165b39d3c25512733ad040675cbd2b2c78107879f7d434a8f52f8d3b919a08d64f1f360dcba79bd80ac5cb05dbc64d399b45a1f3e06e1c576276f365ab725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7e5dc3b2ef2db663ea2e2622359c7e9e

SHA1
4b77a6ab76d7566813fd6f43f66fd5ecae6a6a9c

SHA256
7b57e9475d14c2ab8b447c1dd3af03063b74ca8ea0aa98c02329159a4a7cb744

SHA512
f76880b14bca507fa1169698f0d2709b8cf9a4d318beb4d11e842d173b8f4fadaf3f274069390b57790b2b31b0de3118b2f0423ddcf1090bb804bdb0ca94024c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e9b3bd97d873d08f920c472609d976fd

SHA1
e7a548bb91717da99c8bb4bcfb0a8df587b8bc5b

SHA256
8fe10578d31b736afbec7448a5386c8c130aaef670f53889bcaf8a22a92e3cdd

SHA512
7f869623353521bcb9ec5141e4033323b4a89e143bb8ebf0c75b32101f471b152c9b3174f217edeb1fb3111b6af199fcc6e7a3bd46b1cabf0a4159b0f4796e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ff25ea09e11158d3d257d9f3e3a1c870

SHA1
6b16263684c21c12e1c46710425257b3ca5b1ead

SHA256
5c88a8edd0bee302061521ccffbfad15ae72ef7d4a4857b4eefcc66aa43c276d

SHA512
5e60d941051e911c5721aee0a6ab58ef6e53bdde69211198e1ed3d8391021091b2e813c38fbda21e3bf9ed0fb5801eb782c17e35381c265e2f2f0285ef0e9fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7b1f7c36d01973aabdc0c870c82e0029

SHA1
bb13f82c119bfe132d136b4a97611ce6a6fd9030

SHA256
c845e13e005e505396a998dba50d6ed205ab4219aeac7a3a24e65fabaaf69bcc

SHA512
4d3ab8931b5abd552bdbe56a38e477962c8104bc5f490079f8081d182762aab3ce8b721c33da89542de5045fe0a6c0d26c01a4daccc066d00816c6b7e6c34636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f39619e9-b108-42b4-8095-b0aa4d63623d.tmp

Filesize
4KB

MD5
4ba158fef5c74995b9f79bfe78b02ef6

SHA1
196cf87ed6c44643cd3ade5b47d08a53e801c77a

SHA256
c2fa358c550e281f3d3055942ee95fb2eaed1169ce73ddb38e5250e626195bfb

SHA512
bcc98d5bcc5e6e3403762504831c0c27387cdbe7410ab880575dc44ecd8903dafe61cc0d48b5ff12d6d5b4e730ae6024c73aa9f67e9cd2d89abfc25eff8d3468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
7978d962dcb9cba56d82b1d922965793

SHA1
4334bb3cdc4bd54495ab38787ad2990d92de958b

SHA256
1735cba6aff437142d035299a9a82211778fe6eeb299c63765b380268da575b4

SHA512
b0fbf5404b2231961a4bd9ea2b6613d7cb07a32a351053879bee860a598a45999003d92e00fe7dcd0213c9aa3b5e18d2964dfff4afc9199123191d39bf2f21db

Download Submit
C:\Users\Admin\AppData\Local\del.bat

Filesize
65B

MD5
5be54536acf6854d3d0217fee5092ce3

SHA1
823d25753559795f3b5a53de6b019b8815abc834

SHA256
076a50ec803f409306be46309faf35ddca3f7a41f6a884a0e0ce55497c10cb62

SHA512
b92ff21c43b6fa1a9711e7422a328583bf304bf7e2020c466825ce9172e6a31c4b04ce4adaf14a0e72a3eab364493dbfccbfb64586deab687c900ebbe541c681

Download Submit
C:\Users\Admin\AppData\Local\system.exe

Filesize
315KB

MD5
c493df9bc86eb04ce636135e1e72a48f

SHA1
858284e978af1b143991f0f8284d8a4e1d4036db

SHA256
6306d7601a7883e4f6e135cd049bd92f84b09618e21616feb42dd1d30fe9eb1d

SHA512
8961b69a1013a455ebce721873f2bd30e097abe86c1196c982f50a8d976de5f34e284be7d39a63dd075d8944ce6c4111dfae6a01ab00f994ee236e4719411564

Download Submit
C:\Users\Admin\AppData\Local\system.exe

Filesize
315KB

MD5
c493df9bc86eb04ce636135e1e72a48f

SHA1
858284e978af1b143991f0f8284d8a4e1d4036db

SHA256
6306d7601a7883e4f6e135cd049bd92f84b09618e21616feb42dd1d30fe9eb1d

SHA512
8961b69a1013a455ebce721873f2bd30e097abe86c1196c982f50a8d976de5f34e284be7d39a63dd075d8944ce6c4111dfae6a01ab00f994ee236e4719411564

Download Submit
C:\Users\Admin\AppData\Local\system.exe

Filesize
315KB

MD5
c493df9bc86eb04ce636135e1e72a48f

SHA1
858284e978af1b143991f0f8284d8a4e1d4036db

SHA256
6306d7601a7883e4f6e135cd049bd92f84b09618e21616feb42dd1d30fe9eb1d

SHA512
8961b69a1013a455ebce721873f2bd30e097abe86c1196c982f50a8d976de5f34e284be7d39a63dd075d8944ce6c4111dfae6a01ab00f994ee236e4719411564

Download Submit
C:\Users\Admin\Downloads\7ev3n.zip.crdownload

Filesize
139KB

MD5
c6f3d62c4fb57212172d358231e027bc

SHA1
11276d7a49093a51f04667975e718bb15bc1289b

SHA256
ea60123ec363610c8cfcd0ad5f0ab2832934af69a3c715020a09e6d907691d4c

SHA512
0f58acac541e6dece45949f4bee300e5bbb15ff1e60defe6b854ff4fb57579b18718b313bce425999d3f24319cfb3034cd05ebff0ecbd4c55ce42c7f59169b44

Download Submit
\Users\Admin\AppData\Local\system.exe

Filesize
315KB

MD5
c493df9bc86eb04ce636135e1e72a48f

SHA1
858284e978af1b143991f0f8284d8a4e1d4036db

SHA256
6306d7601a7883e4f6e135cd049bd92f84b09618e21616feb42dd1d30fe9eb1d

SHA512
8961b69a1013a455ebce721873f2bd30e097abe86c1196c982f50a8d976de5f34e284be7d39a63dd075d8944ce6c4111dfae6a01ab00f994ee236e4719411564

Download Submit
\Users\Admin\AppData\Local\system.exe

Filesize
315KB

MD5
c493df9bc86eb04ce636135e1e72a48f

SHA1
858284e978af1b143991f0f8284d8a4e1d4036db

SHA256
6306d7601a7883e4f6e135cd049bd92f84b09618e21616feb42dd1d30fe9eb1d

SHA512
8961b69a1013a455ebce721873f2bd30e097abe86c1196c982f50a8d976de5f34e284be7d39a63dd075d8944ce6c4111dfae6a01ab00f994ee236e4719411564

Download Submit
memory/364-88-0x0000000077B70000-0x0000000077B71000-memory.dmp

Filesize
4KB

Download
memory/364-56-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2120-616-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2284-619-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads