hxxp://blog[.]kthx[.]at/2015/01/18/vmware-esxi-umzug-von-server-1-auf-server-2/

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 03:33 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://blog.kthx.at/2015/01/18/vmware-esxi-umzug-von-server-1-auf-server-2/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703264389731817"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4600	5088	chrome.exe	90
PID 5088 wrote to memory of 4600	5088	chrome.exe	90
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 2020	5088	chrome.exe	91
PID 5088 wrote to memory of 1656	5088	chrome.exe	92
PID 5088 wrote to memory of 1656	5088	chrome.exe	92
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93
PID 5088 wrote to memory of 4524	5088	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://blog.kthx.at/2015/01/18/vmware-esxi-umzug-von-server-1-auf-server-2/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9dd28cc40,0x7ff9dd28cc4c,0x7ff9dd28cc58
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4440,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3152,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3816,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3268,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,9175227163214790220,16853750314821622211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:768

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4300,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:8
1⤵
PID:5740

Network

DNS

blog.kthx.at

chrome.exe

Remote address:

8.8.8.8:53

Request

blog.kthx.at

IN A

Response

blog.kthx.at

IN A

144.76.223.174
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom

144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:443

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:443

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5
144.76.223.174:80

blog.kthx.at

chrome.exe

260 B
5

8.8.8.8:53

blog.kthx.at

dns

chrome.exe

58 B
74 B
1
1

DNS Request

blog.kthx.at

DNS Response

144.76.223.174
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.200.250.142.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
360c17a3b71c0156874d8b1a5081ad35

SHA1
68c44d09e1fe194fd35395aa035cdbb56c817d8c

SHA256
43ba0d8de37fbe8f63f5e62e2e05b88d447dd12b3397a684008b70e8e5b93fb2

SHA512
8a8e253944db709ba823d611bdd53d78dd18c4d7385c063dc7ff8554e5741fa49a88b17f44d184972ff17497b8d9390be61f001dce66bf609afb28c8a94aec34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0979f11d-8c4a-4c01-909d-b744890a1630.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
962B

MD5
f98f98b26f7a545a6aa9d0b82ba48e01

SHA1
a83015b23fa653b4209027211a8d27e0fa944713

SHA256
7bcc14d09d4deab3da5baa1ae69619ccca0409f20b647238e2599871621e0a23

SHA512
8d67a84fcd4a92b3072902743a3ac374ec431d4705ddaba1ce794f3ce22146d3f4d919ce6903227b4ad9a15c307590c9dd60634730448f7b62bbe1531145dc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97fe1feb32cc306bf916dc5b2f448cec

SHA1
05a1fcfb3dd6d10ce7dbe05b8fc6443ffe287663

SHA256
6c6a16b0af5d398de03d0f26fdc62b04503627c140df680bb73d59e4bd622621

SHA512
706c80e82d7046b67f2ff81074719c59136c87c44f268c330ea9d41ebf77220cf1f78cd6ea96bffc6845a786cf5506dc2e32d8d422ec327c90743774eeab0302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e83e65ca20ef35789aa1952c0198c00f

SHA1
83879564e31cdd2e154cd066109c66d77676f751

SHA256
fd22987c3fadfff20d8417f523d61471852a5eeb07e095f05068a8cca8cf33f2

SHA512
baa84f4e58663f5561e5b222c9a20baa9793eead1e8f21571754dd3c7de27263c734ed17a68db59e456a28d54343996c4de075d98ea3cde2c39a229ed0764a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
145e33a9be3b729ae5993cfd4c544a9c

SHA1
6f0ec7c865749d7b00eb6b8f52009a75c029f153

SHA256
37d5acf569c9826a19159463f93eddc41ef207242067943c5886461ba13418bd

SHA512
fe5132d2565c167352c9e2e8feda1ce579b2442a44bd5a2ed4bad03e96ddd3c0179a47b38a34442ce94faa8aa07512e65ec1b9f9b02e61dfbddbb0c64cf8856a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e7b5191bdb10de1fbde8b6a37397879

SHA1
941161e73f0fa208840a0d6327907eba83015c73

SHA256
abb336160853074ae41a404bc43efee6e66a7be632afa86d703cf91d88dc4330

SHA512
1ba3169a2a60e8c1a97b66ffea6721fc670a98566bb6dd89366ce6f8a65e0fdf9cb236cbed8b85dd80b49195e797dadddbd04da82b9d1f7a49c9ba6c0751844c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d39a43a576f68e3d96a28abf43db3027

SHA1
2d1e6e1d4081be7cbc6a26a6213b22ca5c19a330

SHA256
9dc82c5878af5aab1794118b9cd0d6754623d5fc2d00038cc81b151e2794709f

SHA512
dad7c1bf49c909073da4e6676e41a8fc4649a107c5c46cb920c3d874ea59c7f480c0a6d4f02d524207e9ec11ac95904d692e584ea8801cff4090a200ccfce893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbba990cdee86fb2af723ea8f9fefa99

SHA1
39241bdef866a51c15bd2fc00b8cd581a82ddb92

SHA256
3279c74d5310f3a910f3c95baa492df472fc0fbd09ca6284a4a066583d466327

SHA512
b563f2249b181aa3627418aeaea1853d5d1e1cedf7fab6c94e625c13244afd33ad8004644110fbf2de2014235a9c70928272e68e9d1198013fd1316ead37437a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
101c9f0aa1b04ee7a2f670e9ca65241f

SHA1
62e90db0dbdb351f7c832b5db2b0ec6bd3919808

SHA256
645666d733c3bb46a9aa00592c6aff38dd74ada414398db7172ded76bcd34b67

SHA512
abc7021c4efb0d8dd8210ec97acecd771b18332323657750c9077b2d4908d3125c609109ebe6cd3db5c7027b2d5a3f18297df9dc9d4df304eb429a10805f99f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7674ce2364d19ba00ef0bbde7871e7e6

SHA1
52295a8f6b2466c57f0dea91d69ad22e62138d62

SHA256
4de975976a12125c78d26b22c0a3f38c02138eac80bd6d0ce1bc14ee420c3c49

SHA512
d219c621efc5a7fcd7fc8496087a8c992d757c620c868b0dbf51d2c4c15393cb682172949cc05d909a3feda58d1d2921aa156f99311f4ac7e22f38babd43ef85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3978ad1b1661af0d6d48e1fc4f9f511f

SHA1
a8cb197b4c7f8d50c8d73656d378730a1abc2375

SHA256
00d87ce973297ec6f8136247e3c7e7015a0c79ad86560005753fd95918cf1113

SHA512
ac5824aca3ce0b10676ea2f4e5c6a7003734cfb64796d927c5dd38d0206912356df693413f1d28eb671be9cf897455ab3b9917c22ad5d42a444605206be84cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd3ed62219d87023b0d2dd12a6e66146

SHA1
046ec9b9b4f6882e8d30cddf1b0dbb935d6c37fe

SHA256
8fc734e4bcf3edcb8c7ec7491566db88348795b615cb811e3f033207aa271b50

SHA512
6b055ee3d3c53a7ae6b28cd2ab7103055ff5f652ef41d08bda62591964be35b612c2eab775a39a6cb2c6c645f09331719b6b81c0a290e642e83f115bdb0d3b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
03f0abfe58509937a8e7579017db0c1b

SHA1
44132eb135dd5b0a08ac00e27803293d710401cb

SHA256
83888dffe592a87472d894396e3c646fdfc0ae334f06c57e402123d045d92951

SHA512
841b65ed9f6ecef3a90e1c2f3e4b24f5d20b76913baeb6c36550dfa33992768bdff7477358a2ba6a7801552c7de220c0cff897cbe3c52cd078a5ebbc0047d567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0fcdf05f572b058e5b983dd8320c2db0

SHA1
a299c0a542936224960a22c2dea6d95464e0c1b8

SHA256
187bcd0932655cdbf1426ca67aef1b079c93f1a9ec3b15be1c9e51ecfb8204bb

SHA512
0acad5ea038fc1e3b05681091df92e26754d14ad5d76395405429989e7be56384af8f49e254fbf9080be3626efe8303203923452272169ccd4cf6e7760f6182c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.