3b248836cef97574faf978ee7b9660c5653da91d97db8a7cc2cf3147c5a5bb16

Resubmissions

02/05/2024, 13:45

240502-q2ebbaab4t 6

02/05/2024, 13:42

240502-qzr5dsaa9x 10

Analysis

max time kernel
94s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
02/05/2024, 13:45

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

17fd5479f7dec3f65015008bcf5004ae
SHA1

98d6bcf0334e0f383f3e66948e347fda087d3373
SHA256

3b248836cef97574faf978ee7b9660c5653da91d97db8a7cc2cf3147c5a5bb16
SHA512

081e39bd770c3a1e602937b85c9a38744f0ab245e452651eea551e76752c907edbc9952ac1c1e8601a418b4c7a652b76ac26d9cd0c42bbd3d18668c1ee5123b0
SSDEEP

384:rWjuCGNSDpmReVoOs47i9ylKeGM1U8Hhhbdxo7/S2LjMrSA+1IJCgMmVn:rWjeSBVoOs47myI1MZBhbDGPMrSkJ2mV

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
34	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	youaredied3.0-x86.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591311380670424"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\youaredied3.0.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe
Token: SeShutdownPrivilege	3464	chrome.exe
Token: SeCreatePagefilePrivilege	3464	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	youaredied3.0-x86.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 5084	3464	chrome.exe	79
PID 3464 wrote to memory of 5084	3464	chrome.exe	79
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 872	3464	chrome.exe	80
PID 3464 wrote to memory of 2356	3464	chrome.exe	81
PID 3464 wrote to memory of 2356	3464	chrome.exe	81
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82
PID 3464 wrote to memory of 3532	3464	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa055cc40,0x7ffaa055cc4c,0x7ffaa055cc58
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2096,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4744,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4908,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,347672649044362842,13993319521818882457,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1992

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1668

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Temp1_youaredied3.0.zip\youaredied3.0-x86.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_youaredied3.0.zip\youaredied3.0-x86.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c pause>nul
  2⤵
  PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a9fe2530f23a9b3f3a305d01be81906

SHA1
c8c7816d3e796058108781375319a49a3d62f136

SHA256
4752679155a4a7a8ea0deefea0ba999fcd6c7ea8a8b567d217823c792966fe6d

SHA512
a39290e2f92d0495bf29c17cee4db1d0a25dbecd52284c95c2598d6f03db6aeb2bf8ece437f9095f77f61eb2088886d85fdd1ef9c4f3e9b4ac0a010bacb33c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2f292fb12a1607477f2728f6d2d2db8d

SHA1
d74dba6ec2bf55d1a466d4ab758d21f23bf60545

SHA256
49f8349df50e1f2445228b0ea328e30dd5afa01f6af08985fd4c0634b2ec866a

SHA512
45782b8085681f2806a77f00cae06aeeab8d1e2c060e3943ee45278e17bf77417b5fcebd60b1bb93a381b320f205c23189d3af190dc3f55249d6b57cfdd6e6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d449f94f68c828630db410feb1d3279d

SHA1
af3fddf5b5320a975a39ff7378554a08377f77c8

SHA256
250f1bc6a421d3f9321678739ecedfa393fbb570a22ce3bb7b270c4beba29dc4

SHA512
782e5087db0b4dc4ba4f65aae30a31413a3238e7409fe0834f46398d4ff5dc138d159ba3cf6ca5b162c8535aba157b5ad899e0dcab96965eba7b57dcb2ee7bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4bce2517c73f24e154234ddd04472466

SHA1
86cc57b200062469a3b5fa21ff301bf76a2159f2

SHA256
292ed469e5c4b194919fccfd99eff0ff5a0f23d3eb10e9b023baabc1f24ab7bb

SHA512
28bf43af3ca22eebbdc1b9e21dde8d11ea51743135fe71d2cd85c67cad8fddcf320245410b5fc6ceacf00df69a8ba1304071d49cfbefd3d863c68096da74075b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23b1ccf88b4e10c3d2cde18bd5d4818b

SHA1
1b41aaf5e1e4238e3b493e6b4571fcd27bf38c62

SHA256
79bacfb8f9cc70f0c54206cb13da7134c8026f3098cc4a6de9aaa854a28d78e4

SHA512
4c265672d841fe0a326fb0374e654d506a4cbdd6ef5bd08978875e44c72dcaa92944d5963a566ea43cdfa3c5c20856c816d40799bfd4cd6fe4906be6e2ecf782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3d5e18ad5ff0042cf875e1645c41297

SHA1
b3a2aee2c09ec719e91c326ebad6e25ac552b486

SHA256
0bc77d2a4261ccba85dedad4dcaaa79db4550b5c83edf69699d82b7cb6c58be9

SHA512
b47b17915c2e02a7890f16f5110452a34e0b30060b1f0a8aa2ce12894426acd658c311f24308a6612187e02ae19dd014e4a6fcfb1207546145dfe11d660e8890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d7d1aa08e5a4d26cc26dfdd02d7d3d06

SHA1
35c6abcf6235579434a692ba91eda8a8f8324ec3

SHA256
beb521eb273222ee1dceafba0ca9b274a032935063690b54926344411cb087c2

SHA512
5ad9fe6fd9b6da2048d8a6bce26d01c62ce0b4517a7bba3fe8c742642f0307008c8e4de48897f5cde5d2d55e1efc019fe9a38f800d8af8a1df3e47f2b1b5148f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae7d20c01e38dc89cc6499fb62d2fd9f

SHA1
64917d0048dffcae69b09e8c8714d319a38a5faa

SHA256
5f254613021e1860732cadd3369ddbee4796ff77531f21b55ce9a764e3bce9a0

SHA512
476237bb21d6b72078526f770295b92c6265c607e24824e717b8cb6f0c192e1bbbf16dcf17d677dee91ab0b9dd5038bf5a1a7a71349476a41c7fe9e43d7e5178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9b326d9f561aac1207b2186ae7a1333

SHA1
14a367fe0197e91d3a01883728f6f261e5168a0a

SHA256
0038deb011d065076fc287c2c7ccbc9987fcc69d791459cb702ce8df969da7a3

SHA512
be1a448f6db1f9988146bc78bb6d313080d5bcc10790f2b5532c72e8dea1484ada41f2eb6d74282a1a3cadbbd013d578b17f2eb864cc7c51df2927ea252e820d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8574bfaeb9b8ef4f85c91c26720fe663

SHA1
1d9e193439757764b31e803b409804fb425fb948

SHA256
c4c3fad136c0aa9887d07b09260638a298e02182e929e49753221dfc18f7caf6

SHA512
f414691695fd6d05edefd81b24b6d84251b99469bf97658cbfbe622612acecac862c2ecde632a223ec58a1dcd94548fce9e77fe921bf001834357992bab0858d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ef9578d4dd835cd20c40de01e9c8b078

SHA1
77dc79f9e2e991bad244f642b4dbc24d8ee11eb5

SHA256
c334a629ba965c8cf10ef12cb1bfefae8e4fa4195ef1236c4ad70825855d4d70

SHA512
8ad70cea2f5aa1d60f94e66d44648dda766666c843c0dca34c4466bc10e78ca1dd68b3f7862bec2096c3b7ec70426e5becec4e107a3b777e6ff8434369acbb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f4564f9d6c0109860a51c3aa53b4e85

SHA1
052ceb4b9e6598b90e3234c877553d5637710bab

SHA256
f6bc7fb5ad61e921c9532db34152c912344ed4c2585722d4fd780b0067e7865a

SHA512
4a52db15aa9e4158cb1b0b7823c4f5ee706bb0ec2ac405f1451a4b8d72563c626e0c43622f4230833923bf12dfd2df135e294d70b693391c675474d03ef804a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c451b10d69182f3bffe8dbf03eef8f51

SHA1
c8654dd2c0be7d450a25771801661d632a592ea6

SHA256
6abc6aed1a1b891daa2cc41246cd4509f9cd2afb72df5efcad716a054cc840ff

SHA512
5ecdd6e1ed934ec78adc0bae0860f513a36326bfd18f7110fff3d3fe0df2e04aa90f47fdf7f27a7b6c569950d41ece9b3e91531e400a1431304ea6b636e85f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
9eff6143a411cfc147925b7ef6214d02

SHA1
74a5d2a6958e5cfc05929c39e4561069ed3e4d9d

SHA256
857327d22894ac26abe40a57d358f22d98bec3a8e7843fba04ea59854bf3f909

SHA512
9e4a4be1d9d327f0b9dfc72abd5c4433fdf1b843426ff286c736b8aacce3cdc1f630ce98039aa52596762795be2d63e5e935b0361eb94b73d833160738f39d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ee12045dafb1853778ef444798c225bd

SHA1
ef848ce1e901e6979f2593a5d376c025830be9b9

SHA256
2e0753c4a85cf006b5ed03ff62f16a02c035c91c18d4881de3f24a9a8a666df7

SHA512
c59d075f33386a6cd73427bc689f31856eb05347718cbc6ad58b063a553c97592fba92e2642348db38d72a1278346a43e717049f7518ec3f499677b4282d2136

Download Submit
C:\Users\Admin\Downloads\youaredied3.0.zip

Filesize
206KB

MD5
f4b74b5eb461766e2932f3249604be94

SHA1
51decbce38e33d6c8a683029b8570d84f1dcefb5

SHA256
1ad807147ab68973bad581103003c4a8e39e6eb34ca8785e6ad422339dc851a6

SHA512
3532afdb28429381aea3a6bbc0cc818f8f692ea77452157f4dad7cd56d5b77e59a8cbbcf0dbbbb6627f9019337a0140049333210fe0b56ae9ba3c871f9d01104

Download Submit
C:\Users\Admin\Downloads\youaredied3.0.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads