344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Analysis

max time kernel
85s
max time network
86s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 03:20

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

33 raw.githubusercontent.com
34 raw.githubusercontent.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

WaveInstaller.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaveInstaller.exe

flow	ioc
33	raw.githubusercontent.com
34	raw.githubusercontent.com

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677336828330736"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4012 chrome.exe
4012 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4012 chrome.exe
4012 chrome.exe
4012 chrome.exe
4012 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WaveInstaller.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4472	WaveInstaller.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe
Token: SeCreatePagefilePrivilege	4012	chrome.exe
Token: SeShutdownPrivilege	4012	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

1832 LogonUI.exe

pid	process
1832	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4012 wrote to memory of 4972	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4972	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 5052	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 3120	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 3120	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe
PID 4012 wrote to memory of 4968	4012	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb1a7b9758,0x7ffb1a7b9768,0x7ffb1a7b9778
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:2
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:8
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:8
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:1
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:8
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5208 --field-trial-handle=1868,i,13326141245598755930,9536620055692080328,131072 /prefetch:1
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2240

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aee855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
9d913f092c8ea706bbb0270b9bffc2bf

SHA1
0ffc686a14b692234eb212b119f978432f59194b

SHA256
d7b94eb022b263dc958dccf31c68e4d224ebc70d3e4bc37d2b524050de34e515

SHA512
58addbb8d938e3cf4a17414a32832d900d203a7a70d2126fd35085af1990b057542652873482556b370a1886022ea2fa24b735b3e5a7c915fbe1c8aaf7d6b540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
764eed6fc47ef7063e3c67acb00244da

SHA1
468ba5a9532cfe4a8b82c33f9ca4e0da454e9528

SHA256
4b351c7ca49fad20763b230f375716dcc0cea275f6476b557368ea5a55ce6b9c

SHA512
49b4c3ad71367d1622b1e45865729bcc46207c0edeebde989c7df867449e55cb93c4df3b159270caf8d4614bad19482c0eb9166e87f9fb7005644c5f789ef4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
c695f579b6c73fccae230d72afdc5767

SHA1
791f6c73d4992b8e9b22dda7f78abc6c83ee7263

SHA256
3219e5630a1ef0ff9b4ecb8bdc27de72ecd719840f2ec827c5bfffba99505fad

SHA512
462e757adcfd30595491f64be137434054be70ccd7638a4d9663b184a3b6c6f3918b3c19a0aa025b1e80e1e96d210dc7606c856010f939c6feb219b1dac5536f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
712ea5229ad8d68f294c404f261389fe

SHA1
df948eef7e22b5c6551c1bc0002801caac16240e

SHA256
00f3d4e4cb22bd814a471425cbe0f28e68fb87209e36d2662e53cf8d3d4bc438

SHA512
11b57a4afa99119933cbe35dfed0678a498d5fc8a8d49d9a5566819631b279884bedf0f2d116a50c5e407c3fa588c916e1343597f763e2d22aaed0487127df57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5284d8c9d9984f1ae9372e5a45aca43c

SHA1
35fe0a2a392f1d2560823f13569ef3ee9ab3868e

SHA256
8e6443023ba7f63cc208aa5d9445bff45b479aad690cd30cd389daf265cd129f

SHA512
4baadf569df47c8e791ad66a80e02e94c24c7f972355937d6eb49990262c9035978919a0309cc2205a9b4861a5a37a947d7e159579874b779c1b1090238b3fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
cd1cb3e40ec3415640abd08768872a99

SHA1
706a28ce301c1e89d46b9659f234b578e7b20489

SHA256
c1c7c19f8ec79250251afaeda590292fbccebbcc4b60dcb4eec108a2b660b3c2

SHA512
57168a46baaea28924d8b428af44ce2a761fa94e0b0bbb57196618b8daccf2f9a57242ec6b3bc02f6e8b33929fe6a32c4876f48e793789334f231f3a8e89ed27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
02b7a63d5956e4d01d21eba4640a0670

SHA1
223159df3065bf38c8cd5e18374d2e175f3adf94

SHA256
f0b9e60e7446f1c174e4fb637c14068407bf5808ad97eb680eb018549cdf5f5d

SHA512
ff8c307d8a098fbf564261b9333266757b6356f803f6670c14507b6a62b4b9c592953671429897893aa1e4c85e82da2491f3533ae302e64525c807ac5806a5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fbf036c826db4d47fec9d95209c5cee0

SHA1
124922036b3b3d4bec427b283de4d38b90ead421

SHA256
f7dc3da906bd02344a54a42712cef1bbf803f05329b09e6203ba8ea253e8c3e7

SHA512
c73c338950d2223e13c817f33707a842b94a3a662b3c8ac2e0e43bed36b7b55ee384f03f4c72200eb8999a2a30ed0a2c08832f462b0c131364fcd4a0207a2853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
6f8ba9905dc33dc225921f3ebf31e96d

SHA1
e4739aeeae878c1ebbfc3559c2983221b81a2d43

SHA256
c3bd06c9fb8fdd472ec527bcf36a19649f27ef67bffe355b7c0c3593696c6c87

SHA512
77dc79b46e0bc1259d757326ab2745fb687b710769e132acda4589efd2a55ec713fe3f7c989ec5a3580a6e193b5a3296524db51cbe1d37a08faa041babca8a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
292KB

MD5
23400da042daf8d0464d5ca658bc4614

SHA1
0de54cf88a6906759776c5d4c08229850c3880c5

SHA256
2a97f7802f98382f0918552bc6ce41ef3fc8579d03281224a3ba09df1cedefc6

SHA512
6992575b23e721ad022da3bc1bb154bf83158b55cf750a01ce08cbcb7711bb0268d74b481e8af8294540be879ded52150c11849932e8397c6c7e8245f07bb46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
292KB

MD5
a2f4013aaff390c558a0b35614d79798

SHA1
7acc558a23c1727c1d6a0b68a2b95b01c4431205

SHA256
f0465910384d78246d77fde081d0929bb050e697e9030c632af4915bf2655768

SHA512
49953b9d098a2f08f8124adc73b9dce1507945c0019343cd7645f7c6aa20f7048cbc6fd8b12a3587a5306534cbf403371934d4360945ab56a81b43163c6b9aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
20b85266d69d746ba49c60b8e258f838

SHA1
a356aaad97d289352bc201d0aaeb746879384181

SHA256
1922d83101fafcd36c16e3bfd10d17330e4a8e5f5d9fed4033c31f0d706203e7

SHA512
b76a5ad591483d3a1488ea3df7f16d2b60974b1afc44cb638857ce2e27a61ebbd8b46e4dd3631f793823d4b4feec5c1e013a2525e0ca79fb318d56f039b1ee7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4012_TPLKRSLSHNGCKHWL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4472-3-0x000000000A110000-0x000000000A148000-memory.dmp

Filesize
224KB

Download
memory/4472-4-0x0000000073750000-0x0000000073E3E000-memory.dmp

Filesize
6.9MB

Download
memory/4472-29-0x0000000073750000-0x0000000073E3E000-memory.dmp

Filesize
6.9MB

Download
memory/4472-0-0x000000007375E000-0x000000007375F000-memory.dmp

Filesize
4KB

Download
memory/4472-2-0x0000000073750000-0x0000000073E3E000-memory.dmp

Filesize
6.9MB

Download
memory/4472-28-0x0000000073750000-0x0000000073E3E000-memory.dmp

Filesize
6.9MB

Download
memory/4472-27-0x000000007375E000-0x000000007375F000-memory.dmp

Filesize
4KB

Download
memory/4472-1-0x0000000000F70000-0x0000000001102000-memory.dmp

Filesize
1.6MB

Download
memory/4472-5-0x0000000073750000-0x0000000073E3E000-memory.dmp

Filesize
6.9MB

Download
memory/4472-225-0x0000000073750000-0x0000000073E3E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads