hxxps://github[.]com/JackDoesMalwares/Gocullinator

Resubmissions

02/10/2024, 15:31

241002-syd79axdpb 8

02/10/2024, 15:31

02/10/2024, 15:28

02/10/2024, 15:25

02/10/2024, 15:22

02/10/2024, 15:19

02/10/2024, 15:15

02/10/2024, 15:11

Analysis

max time kernel
202s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 15:11

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/JackDoesMalwares/Gocullinator

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2692	AiVDsDOsA.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	raw.githubusercontent.com
55	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	AiVDsDOsA.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723555075213411"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 3688	3580	chrome.exe	82
PID 3580 wrote to memory of 3688	3580	chrome.exe	82
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 2272	3580	chrome.exe	83
PID 3580 wrote to memory of 5028	3580	chrome.exe	84
PID 3580 wrote to memory of 5028	3580	chrome.exe	84
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85
PID 3580 wrote to memory of 3564	3580	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/JackDoesMalwares/Gocullinator
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6c7ccc40,0x7ffc6c7ccc4c,0x7ffc6c7ccc58
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5072,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5080,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5440,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:2256
- C:\Users\Admin\Downloads\AiVDsDOsA.exe
  "C:\Users\Admin\Downloads\AiVDsDOsA.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4672,i,13791316563172474310,12192933853569510007,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x3c0
1⤵
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
87245850fccdd77645e757188a60bb99

SHA1
866bebb88f7d371372d4f4f19c95e3d395e4a908

SHA256
59bd80405f67282b2afb21d440dab8a982bf14de2d9332894cb731b6842f3953

SHA512
62d2cca1b91d00a7b98661f0503e9b34a9adbd1ea51216f9234ae89c9b5601c3a76acd916cf5c279ea1798683beeb21f39d1e8abdb1d1d7238ed4b2093f4526a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1b2b666e6fa5c6fecd1f1bb6c62bfdb2

SHA1
b1de632ec20996c2d86c4fc966cdd93d4b978762

SHA256
0c6ddfcfc690dcf5db6bd35ea1e2a4b0269b601abe5896df23f07dd13a6436f2

SHA512
541095a9dbca3f0058b4630858bbdc95658a2acf66fc410896593f108c559ed652be07410bba11e0d05687b710a384d65faeff90e7cbae6cb52604903ba0f1f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
36305cdea4c1130bf7ed668850de9ab7

SHA1
3c1850eda780eae3e64a531516e1c784212f38c1

SHA256
7b8e0edfbc97aab8cc72b93eb0d6544e6f8509219650301466e10d56e311801b

SHA512
f29f397f83e2b1c7e3ae213a9ca922e08976d82052a2d64a4cf16bd8916b290bd381a685f237ef94936f4477ede7f9961b84b7432f1ebc12acc28e6e4aabf193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
15cb3739b8ca1d53b81775e569a02311

SHA1
719457b73806fdc2222248a3312f08ef1f2bee34

SHA256
1f7f3dd70f707c42ad71dece12653c40ba3dc9b9964bf2aa1a8aee6f0875cc94

SHA512
24a55262f1d8aad370c4ff935728c58ae89eb904480864badda890f9936c08b33c1f0271f98e87948744158de0a2dbab2b61ce5787a6f39d03daff28e1ca28be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7dd8300d0a63a1f0770669f83e501bc6

SHA1
f7a8210af1acd6176723bf2d3f24eb083a6d0dbb

SHA256
f86d172e4f28b60703c655710fccd35f61150ca83a22e29327eb1d78475bcdfd

SHA512
4855422b4b06ca7f56e16d3da776b16c236f81a288da29afdabd6515951dc12ebdb65fff68def37b0b5cefbdbe0429a2b495d1b2017465bce37d1b8a195547cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee4f4e58eadeaa744168c80b18e3853f

SHA1
f0ec91f654f6da485f3346b4b843632ceca1df99

SHA256
2901d72519b353db13e0ac0e0228535f2417bbe122f224098f37573b5c7bd6b2

SHA512
fa4a66131652b54f019df9cdbb396e31d1a1a1fbb3c63b10baf01e8e1e11ce38dd61006c69a44e6d56451f7224fa743949bf755f27ce2e357e7f576948a07b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8211049c6ffafeb07656fa55f48e9491

SHA1
f44fa38479f58e9cbf058b654d8019be00a2f879

SHA256
7b6bfe1d45889087a31bec9e2c75927338a88098ddca628798ac4acd9ae72525

SHA512
9e51d184cfedf21893dd224ece1d03f4f0acbd263d3442bd207af435a6fe39895223a77d705d2cf02f621a462bb7381847c1757f475815b43e1d4dba4da834f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96914d40868959c8b62bb23d5f5e6798

SHA1
913d952e7e5b4696e45a4351a365cd39be409d4b

SHA256
96825152982fbbb3a6f5ad1353230da842f866ef9a4d2c104b05a44987b52cd7

SHA512
912e9df410dfdd4fee5d9ecb88d13e1a55afc049877c59cde7650bfa1d00bdc7c503795ad10e4d304c646e993428ac663592ac6dbc41e47610c392e3f32bc014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6dda1efe25f65c8a59e5b49bd7464ab

SHA1
10cd77348ab555f5cbcd2bf085104b1348e4af92

SHA256
eb327413ee67fcc41c5d27c8a65b42ab046cb0156ade2c817680afd7286d367a

SHA512
32c9587644b63c865f7340a729b3263fdc64199dfa20ada14a3155a28653f5f783c7dda882550d8325864785628b67866936798c1e31543e07d71a8aff263852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eaa58dfb24718be482d5ef0b6a6821a1

SHA1
39799c0390509ea03e081439207aff6ef2661c04

SHA256
964053bb0c3c50857d51e2b81037ace3d010fa3e7e5171449b0fb1a12ce1d950

SHA512
f375a0a8d19763a485f84a061ea5def0f7ad2f4023c738cda7fd89af44f5d6c6d1f9ed3b7254a5c98b2e68e664cc5b817c05ee0abe46533eebe5d90b6f868126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4601d5c119617a0d847032d16246ba53

SHA1
985eabbc061a4dd8b43c3221b31e07dc5354a582

SHA256
eb289f20348e07b3e1326f9ea754d03d1d63d497ac3ee6fa13ef5ee38f789432

SHA512
514a5d5a61bb1ae28da0f1376f7af878af804035f52c3cc94f4a84a484cbb0b8b6a0c6ddc69e6c1cb0e2c79d9f16b55c05de57b1100fd06e4081ad3178fe6d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
696a6879a2c8605c55f90e65baa96754

SHA1
d8fce081c640c4d628cc9ff271d08c02a99f90ea

SHA256
d4be4e706d39494ecbea9a217f74750c75b6db81f6ef70cb6c01d27bb9f06d60

SHA512
f549d4b966d9734944df7f0aa34e3cdad37bd6ae3dd7bc30f96a4045cefae2995978a259e5dff695faa7c38f898eacf8dedd9d5a5eec21298c098b953d19aa69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
184910d468657f3f446b07fb0b068366

SHA1
9b1f8b485f9bc8b022c6db82ecbcfb899a3019df

SHA256
86ea1a54cb853f36491068c2587567361bdaf9ea3fc3e6fcb740b7424016bf30

SHA512
3a11cb3896ab781d1f3feb7c35e4e056e650d233c13308500eb81d8b8dd837f1d3058912494d145da560ac0012e51fe79df9778d7233a36f8db27805d2b9a2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d97395868568f68e8903290c33c8dfb8

SHA1
ef35c05a0eb3442d482b9f1de7a5c95763400b6c

SHA256
fd3b4644e73f39367f930b1eaf2ae6ebfa969f72e335d2daf6f7473cb2881b23

SHA512
ddcd5218fd7496a65a605419871279936b13dd8dbe80a08d0c03c73646ff193ddd748f3df4a4bb4ed06ddfda638f38cb2172c8c865bcd9970e5f97aed03555bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ee6d7a64943b439ba1c971dd996fedd

SHA1
1cf4ebed3c77f347f1e328d34adb78bfb7345a01

SHA256
f5b222423e8528c31914b9cf41809551f1e22e5442167f81f0950b006c7d28cc

SHA512
cada3d7bf5f76a2ccccc16a854f57f2078bb11d3945f6f815f2b2449999d5f0242d3031153ddaa69a9c1648a6905a47d06e88562c663deab328f2b638a9f1645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
caaf4a39820724a4e157ef4a07b0a15d

SHA1
0b965fa8dcd3fae3fec8308f006dac9a783d795d

SHA256
25c73f10da5d8bda5684c8088be550de3286d995bf23c3d3fcc5659e601ead83

SHA512
b2f4154a66851b3c0a6171ab5516354a1f52a187802a8c5695bcd1030d762567311833c0ee65fc9f6d2388466ea684dc29414d444b907f02a136040f5364451f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3934b98ad2c07ec27411ebfce0bea1cc

SHA1
0943567a6fca2c606f70521f87aaa52da4fd114e

SHA256
360b3e336e5ab61a86aa2d63edc47e3e5c227e1a87254974f980db160d9ff53d

SHA512
1c91e69d9ff8bb350cf86169f0e09aa675a20fc25287ed97c69a8afcd575baee867e4d72a5e7afaa79e2e7550f999c43ef3933cc17670676048b8e8809a69047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3e268c25c58a64b21233c4f4c9e61ae3

SHA1
aa9d209fc6f6c9f775131720e3686978131331fa

SHA256
ddf46416f35440e1c7bc5eacf16260bb8eac09fe7aabe0fb7a008f3cbcfb744c

SHA512
2b2c4053955ceac280c75cb00a690825d9f77c5726a7f43d958ec55bf9f50a9ed5952b90ba4768831a2ae5a22a8bde4636dad953b6fbc41a2f63e5a9ffa7a25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2626990909e5cabc7cffb6345aad92d5

SHA1
6a481019b2766662a52938d21ef0caa2da2787fb

SHA256
ad4b9a55d153cbec320faff9577e29b77d27eb3be11f65c6c4e8a04b04cbbfde

SHA512
7256670e84cfd2d55bba85d1e9d30773b4d8dfa4ac6e6e66784485503f214efd0e164393c1dcec30fa7e730239b0780f51d813c2b956e6555c85127872f52ab1

Download Submit
C:\Users\Admin\Downloads\AiVDsDOsA.exe

Filesize
24KB

MD5
2248fcda8954257069894700b0548195

SHA1
11b9e0e33d86d3d1777387f189176367a02696f5

SHA256
88c90b565a20ef30865a70f8ff02dd39e5958cfb409bac81559ef2cd6b9aa900

SHA512
a1b60fc16722bc0d07fa21530d6756b09db935c9572b4fd5ce9c85f730f50dde4048e74fde4b737e7a2b9e0a2a0012d10b28caa59d35334bcfa8664993bdb794

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads