hxxps://github[.]com/ismail50490/Roblox-Electron-Executor

Resubmissions

27-04-2024 22:27

240427-2c4qfshh78 1

27-04-2024 22:25

240427-2cca7sab9w 1

27-04-2024 22:24

240427-2bkwyshh36 1

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/ismail50490/Roblox-Electron-Executor

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

3888 ipconfig.exe

pid	process
3888	ipconfig.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587302829796997"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "42"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

212 chrome.exe
212 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

212 chrome.exe
212 chrome.exe
212 chrome.exe
212 chrome.exe
212 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

4908 LogonUI.exe

pid	process
4908	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 212 wrote to memory of 2252	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 2252	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4620	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4008	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 4008	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe
PID 212 wrote to memory of 3140	212	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ismail50490/Roblox-Electron-Executor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb89ffcc40,0x7ffb89ffcc4c,0x7ffb89ffcc58
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2132 /prefetch:3
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2456 /prefetch:8
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4248,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:8
2⤵
PID:892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4628,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:1
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4888,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4916,i,17084583197247288149,14050554809534506317,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:388

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2376

C:\Windows\system32\netsh.exe
netsh int ip reset
2⤵
PID:208

C:\Windows\system32\ipconfig.exe
ipconfig /flushdns
2⤵
- Gathers network information
PID:3888

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3979055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4908

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
eba2c1fc5ae7ae98b227b731a683a914

SHA1
b6cfbe07c6d57f4011c258acdd1edaef0d9fa808

SHA256
b5d92f74c80c524bd9f01db9e0bf31a7c64c620139b9211f1b6ea786bae87dc9

SHA512
fe9136a4ce20f342fa3dfb437e435a0f8049a9efbdf2964afacf1c0d1de9f8768414f0e02f863f0116a756c22fd0e56629fd2ac041180484e55c3e72795cb8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
7cffc12b3f2389b9915dadeae1ce9cf5

SHA1
ed550c05bc9cca033e027681e29c8882caebe6ad

SHA256
5b49cdc211f60958e656e2e492311a6dddc011eb280c769d96be23f34e00669a

SHA512
e487b7770aec020429d23531fe02170e2899d015ecb8c0a950f2d36822e24c93bbeb8e6fe3d97fb6f116bc80e1ae2d077c394d6a6101b0fe0158f1feaa28059d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
91121ba4d5c8ec5139dff78ada8f656c

SHA1
802897e31ffce4d862ac5df9baba2cb9c62c6a4a

SHA256
eee44f84f2d89889a4ef993c256a77a0248c956724bbbe15c36cad1e6b8316d1

SHA512
73794678e2cff791ddb721bf296ceee81bdc57bf00e9f130c1307a21b3f5f8ce21922a1e6c64e86d8cdd6836656e675567e768b89f57418cb26bdc963a34ad8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
717c0ebe1efe5f17ce7bd3ed66dcebf6

SHA1
51e4ddc63d17e9a4513a119d06a54e4257071664

SHA256
99511d9ebd7de1918df7e3a8b8ed715bcb1a88aba4d272ec9974cc24c18484bc

SHA512
aa2b483cb0c9be0e5c3106a1e68483ca1185588067ea290ebcb543d28bffea123e4e8893919e255f7c52a242d182343e3b4479736d3bbe4410b8be79f6f2a7e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
64519066bc61d20abff8ea2d127fa691

SHA1
5ea0ec7d4590340ea830977ad21cc9ead261b062

SHA256
d7ea54432c14dd49a03f835b88cfd05bfec29302a732a94ea147f2193adef37c

SHA512
68702c7b8576da5ad8898da57242e0cd9c6b59ae5d0cb48cab2bc3b2b4a123f6566b542052f1c33bb9d0c19ea78ff5c9de1a30fc55ec68d3a221d39a7a4cb5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
20f39e7dfba1acb7814bf85a0282952c

SHA1
96de64c7cb7ca6754ad3e1f784cb6a1ee1b21506

SHA256
748d7cbcd1178cc3254f5925d6739646ea1a650165240c3a940945d6f61d0ad3

SHA512
0462a900608233b41e603cb4556c42e496b09da851d53726be993a6877b54ad7b1ec56fb8f5fcdf7ec42d89be916ac9401a67f9cde4aa4f0ff449f7c785e2ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
29e45e9d4c77228a94bf479df79f0d40

SHA1
db13bf9d3fe74a85fcc028034d368146e164509f

SHA256
f4b1f97edb017159c35d087424550af7cd0db3d5cccc7b742704b5afaa3fac4f

SHA512
d514d8d5a8ff4f20c7710bd552ac61c449e0ff041b41d8b14fdc40411d360cd782f653396552ac8f1dcc1bc1b01ea94098b8cba2781ad958f288a830f94c313b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
79e48e3dc07e469130949008254fc231

SHA1
f7076e7d2819cab2a6c85e6e48403ad2f807a95d

SHA256
95e254295cdfbac075180b791eaf0fce63526cd7c8e1180f599e0913e5227260

SHA512
4629d2e3661ab40ebf00ff9f7e480b8c06a4dd03055b841a321db4cd98e5e458941cf4e265630b11e1a89d492f7db640d14f0be006b52616af7b12b96c529dc4

Download Submit
\??\pipe\crashpad_212_NQLEVOPDUXXZUIUI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads