hxxps://pub-a40af34dcce94355973b0e837bd9a6b2[.]r2[.]dev/eDOCS-Reader[.]html

General

Target

https://pub-a40af34dcce94355973b0e837bd9a6b2.r2.dev/eDOCS-Reader.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643593139454069"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3716 chrome.exe
3716 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3412 wrote to memory of 516	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 516	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4420	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4408	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 4408	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 112	3412	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-a40af34dcce94355973b0e837bd9a6b2.r2.dev/eDOCS-Reader.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef993ab58,0x7ffef993ab68,0x7ffef993ab78
2⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:2
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4696 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4144 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:3732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:8
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3928 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1548 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4580 --field-trial-handle=1920,i,17963462547891718863,9181741020145697253,131072 /prefetch:1
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
55a0376c3d3850cb549cb83e866bd5de

SHA1
853c7dbf9e1c59525d5ec904d55f73559071229b

SHA256
f3d5d8fbf69640f00cbb7f1af5c6c562bbd9035fefe8f9adc46581772a8f962d

SHA512
0a2c39c66e5352010533095dfff21b734a2b99a676afdcd7c0a6d5073293fe23ce5ffe0b6c8817954b80454db00bcfd61dd22a16eca09cf91bbd994156afb6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f004c84b58675c5eeda3ecffcb7f5c08

SHA1
e2e906bd036804475dad3b2ce1c45d6bf9d420c8

SHA256
6ded515bbbed1dddc5805ba3d7ef87108ea722c368598b40f0d310327a481996

SHA512
bb31f2000b00a9057df2ef545505d28101aba126805e9c60112ce0ddea66badebe71710255c4d321000fb33b2b4e9aec32a855fe6ea0ef77bdc76e80f51cc8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
1c3f88a75bc7bff47add672194f64e23

SHA1
9fa4ad823e93f4f8eb5ffb72715fc59ace8a3dab

SHA256
5f0264cbcd4dfade865ada96aefbd6038a7e792f3581d56270b335f2e05fe43e

SHA512
1b4f6a61f60647eb7c5c43bf46f2058fc6b75f66ea3cfd14de7ab42363fa33cc0d7a5f082e54170fbaeeddd1ff493bec3033c0c41a380c5704fb73ece1fb5dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
11d2ce8b80e3b30ce4e455a68e9e958f

SHA1
91dace56f72c70cd799eb9c7400d8cfdf7441401

SHA256
ff1cfed0ac4e360faa20d8c34deffcb3324ed0b86be4ae733135423e5a3bd486

SHA512
02c52a160825fee9faf4c63a9671d55e9a4411bdd9837c9bd02a58fee03d96939008d75a9bff3b0c811d294d15ab7a6332cd8a9668a90891f383087d07551dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
3bc8f765fb3df4ef09728b6db8c6a89e

SHA1
bfba91fd93ed0aed61699200eedf52c653c777b0

SHA256
619691ada691e87be617687417f1646db849e2b4e3931681553280bdfc8b5e76

SHA512
0ea31f8f948e60168421c68bbff0fa0f63b1566bd0aa7a35373aceb5bbdf17b81522d45b33a52e4bfe3d60b0e4ac8c742d2fdf02f9db163a4484f3fd48e7e371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e0ea.TMP
Filesize
88KB

MD5
a66faa1790bee82a52628ad68410ada9

SHA1
95c398a4c399bee30bb18389320e4efd0d1354af

SHA256
8c71ecf31e2091453cfcc37008a51adb0377eb708361b6be9c9a48e371693df1

SHA512
3e9ef47ebb17f3a338591b678090735754d53066852206ea9b3550a803e21c625c765705048bbbc5991f5894741dd46445c43fd62ba357623ff457a2457d8ec5

Download Submit
\??\pipe\crashpad_3412_KUKOXYWOZUZOIXJK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads