Behavioral Report

General

Target

https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=https%3A%2F%2Fmoderntimer.com%2Fnow%2Fauth%2Fsf_rand_string_lowercase6%2F%2F%2F%2Ftest@testemail.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2795DA65-5D2E-42CC-997B-931A2D47E369}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{CBEE064E-D405-4942-8C36-28DEDE802861}.catalogItem	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exesvchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	svchost.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295811194930393"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1960 chrome.exe
1960 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1960 chrome.exe
1960 chrome.exe
1960 chrome.exe
1960 chrome.exe
1960 chrome.exe
1960 chrome.exe
1960 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1960 wrote to memory of 3148	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3148	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 3316	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 968	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 968	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe
PID 1960 wrote to memory of 2024	1960	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=https%3A%2F%2Fmoderntimer.com%2Fnow%2Fauth%2Fsf_rand_string_lowercase6%2F%2F%2F%2Ftest@testemail.com
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce86b9758,0x7ffce86b9768,0x7ffce86b9778
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:2
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:8
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:8
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4864 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3716 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:8
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:8
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5056 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5180 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5144 --field-trial-handle=1820,i,14837691111287037134,4991563302821232333,131072 /prefetch:1
PID:4304

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
PID:1072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:4764

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

00:00 00:00

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
9d84fced9d773fd8adffac544182ab48

SHA1
5653e7b78a3188fbc72e12cd81858cb92c0fddc4

SHA256
a340f12491c29ae67c19769e38463978681068ed0551e0a84622af100aff4a57

SHA512
c2aca3e5b5a330eca6d453e484635b98bb8c0ad8ebfd0388c36c6ae639904dac35cef71027770e54fc1e0f9adb30cfcdc8217e189200bb25611df304b9d1fe94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
4e891ad51a961298fc18628b128f416b

SHA1
4e734550f9e26593cc8782bdb61cdba468c9f077

SHA256
758648b662df9e10cc13c678836ba3f4f60f64877abbd248c729d2aa7f51e4c3

SHA512
733458c346d81129a711b8640847667f2c14911f4a3bbb22f789fd119996b4b46523a60291c20e8f0fee09b818cd9b79a3163c6ac74cfdbc063baea45ec782f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
acc75d2ccc8aa37453332532d09828be

SHA1
b6790f039f242247e1ced5acfad62afe7e3cf7c9

SHA256
b0db0d4d67bc43adf6fed8c2a091a9a4fc27f51189d408e8a0916ac61b06acbc

SHA512
4ab3cfdb229a493c3e75f7345782df305b251262b79176f8a261056c5aa9914ccbed00aed97fcbc88b95711f3aa6c8a53976bb44fea8e0c652a85c5870c3ab0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
4466f943383f3e1f703ee6759af313c9

SHA1
55a3fc3d520a3eea4afd3f11ad2b8e742ccd15bc

SHA256
2f1ea185e3cd9224178d14399088a97ac83574f20eb6192bddf2a88159ee084d

SHA512
1a7f6cc287719bae0ab1db6cade2e92c2cbcb8073176ca41c1a670872f906c420e4c46780330be4913090269a5d8bfd3a20bddde5676564b10c9780582ff5e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
d3a7809a10dec9fb1a588b93a4631e9e

SHA1
e7e15e82e5d75644cac65c036eba4255635e1706

SHA256
9debdbb93fb782c9e7c71ce3207b72becf73272295b13b677342d7c04759c193

SHA512
3b2e87d19cdd1de634bf007066917e6ddadca59f32fcb554cd1c7ab64a6c58f97128548689415516f5d4ce07e2c22151f3dc5279e356b80a133c234d4e78d03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
587c390ad4258120d8558f31ee76d48f

SHA1
42cb625ad6b7bcc13c8ab5834a1432e86dcb284c

SHA256
fe22ce98615d34678e4d4aec0c66a96d40e18701ed802efd875d75cfa48f6121

SHA512
d42484f3ff6d04751cf6a1f41c03e4975741ad311e0c2358892bb04db5704beaf1cb77c5b912367b3aa075da3bd540a92e5623e4465ec3c31fba67dc7200c6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe573393.TMP
Filesize
101KB

MD5
0ad30e1b227deae0614e5631cf236595

SHA1
41573f8bd4ef44c371a4ef46cde2808d5c263c52

SHA256
a5f0d8948afe208c8f57c7f5b6dcabb4531af96f4f5a076c5ae39d897e21649a

SHA512
9ebc66014b2e1b4766559a7c2314bdd75fe68c9578647b3bda3a7ee608eee5c6cedadb4dcd06c42636013f7f5afe7ee11e1da6cb479637654f9804fe505221f2

Download Submit
\??\pipe\crashpad_1960_GDZEDGKTEARGZLED
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Downloads