d7b57139b55ab182048880b7ca6878a71defe92c8440557344ed5f001f8872b7

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 07:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

4KB
MD5

a56f218b0caeac28d5e2d51f0167d1de
SHA1

62e99ebf6e06dbe6f2b549e787674439d9135c3c
SHA256

d7b57139b55ab182048880b7ca6878a71defe92c8440557344ed5f001f8872b7
SHA512

21c6f52c81c54e9f54e45a8f78089e8f4896593216f2ac8ea1d78ab1bcc01fb9beb3b7be2184712d28281dc866e651eb609b0780140604a6dfc06f004e3f5721
SSDEEP

96:f6yplrp7wIbqNok5IOUS5lbkxyEg2D7D9eHOkvxmGL2rgv2fW6:Rphp7wsiRPL4xyzbHOkvxmGL2bx

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589341621513003"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 1856	2912	chrome.exe	83
PID 2912 wrote to memory of 1856	2912	chrome.exe	83
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 2452	2912	chrome.exe	84
PID 2912 wrote to memory of 1104	2912	chrome.exe	85
PID 2912 wrote to memory of 1104	2912	chrome.exe	85
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86
PID 2912 wrote to memory of 4416	2912	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7321cc40,0x7ffe7321cc4c,0x7ffe7321cc58
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=208,i,14462571768863180470,17438264119752515428,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3904

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4708

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

330 B
5

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

280 B
5

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

g.bing.com

dns

280 B
5

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a2e8e0f7dc3e51168a4f522a77137ec8

SHA1
51021689fbceb0ee28946e20f106d20675e6b45a

SHA256
de98502687b95d852d52ebffa325c23596a087e652bb11622397685ef7adf7c8

SHA512
4d9714022e7cf61f5ebdae54d1c98545d2d3692d11b5a9fa2ee521784a55332d0de986337472f9a296ac5d9b96a23941c2e745c4e182edbc67365dce3ea6976d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
668fa024399b3772588fbd252552e636

SHA1
062fa256cbdb2913805fcf75682d050c818000e5

SHA256
ba7211b0265f9143634e77d00d9ce2f4d2f111bb3247c4a1e475bcf21df70189

SHA512
aee775c2939769c2536fb9d35d0fe161aa5877c30585fd3a101abed040a2a572eea32212b7c81a56ca21da05fac1886ff02638400d1f55d24455997885e109f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
93899cc129c2b7d942000e1d6c75418e

SHA1
fea79b0c702ebf9df2fa7c8724a6766c4984245e

SHA256
f5b7f324ca9558d0782d2a6e2e55e7d91dc15c690e320558f6d6610db207dc36

SHA512
d5476a327b2c5d76cfae8f71542b88012a5ee6f514233e2633c7cd1e5c2d80e65f9799b81322936af0fee4092ab80ed606edf9aa6d47447fc375044f310c3a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90ff18370d8818717cf25c4c831f6059

SHA1
34aff3f94250515b52418bb867914529a27514b7

SHA256
90c2d334283ad4ae08c7336e2390b1168d30f2d276a5a4a8a275e0efbb152f85

SHA512
879d48094560934064450484f066ee2a32f4d39f7522babd292119fdf35b15d9629a3eb01b14182f2fdae09fb50bb869d7e9791aea925b2b829515d8323684b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2d402ed7c833f72676bd4fde09e42d7

SHA1
225c3d93b9dc4f46d900031150f1809753bf82cd

SHA256
28196d6bbc400b63532c70a687c3ba1db7655771678cc7ec1338ac039216252b

SHA512
e4781c39117120998effa85add1a7e913b62fc853ef36b26f47421066da2ef692f7224e623385034a3b757c45857d8f05f1dd9a4d14cd8169ce04a25adf827a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9282c12113b248b11e0bf26a0a0f230

SHA1
f3be5f8e1cbb3b47661611eeaf1108f77ad0cce2

SHA256
8cc5db384b2d3691613fc6631601f0bbbfb661961bb1832bf5a295423132c176

SHA512
38a70f658886b9bb017fc398b53cec8bcb6dca563a85c6d15deaa18da6b780ed702f1a3e5ae3a88b61e5aca08e7a78ddc40672d937adc6a34256c354d7d0c3d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
c9e3614ccd22ce203a5446569d4c21e2

SHA1
5f08c29c49006ced1dbe1e62e370200932801647

SHA256
014a3c4e34973754d79e3c2c8ae3479e898adef7688eb2db66db811eb24a377a

SHA512
18175b7eff67de9c1971a9d71f25fe20ed7f373ac67bc649be298b536f3ce598178f93ed7d7f1f742e2e66b508cb09edfee3ccb96c562dcc3ab77c9589f9f38c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
aefc325d3246514a5bc41a0f80651265

SHA1
a9984633a27a5039004249f5bf7dc12f54c9acba

SHA256
63c9c0bb1a7f35a6b491adefc695b0603b82a8f5bfba8587ed219272557da06d

SHA512
95eb8e4947eb4f08778ca3911c5adf4c23878bd6723e6d3fc1f95c77a9c3c14abee953ccebe9cb3e0221808779d58b7e95f1e0086cd6acec90c6821b41a1313d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.